id: CNVD-2019-01348

info:
  name: Xiuno BBS CNVD-2019-01348
  author: princechaddha
  severity: high
  description: The Xiuno BBS system has a system reinstallation vulnerability. The vulnerability stems from the failure to protect or filter the installation directory after the system is installed. Attackers can directly reinstall the system through the installation page.
  remediation: Upgrade to the latest version of Xiuno BBS or switch to a supported product.
  reference:
    - https://www.cnvd.org.cn/flaw/show/CNVD-2019-01348
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    cvss-score: 7.5
    cwe-id: CWE-284
  metadata:
    max-request: 1
  tags: cnvd2019,cnvd,xiuno

http:
  - method: GET
    path:
      - "{{BaseURL}}/install/"

    headers:
      Accept-Encoding: deflate

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        part: body
        words:
          - "/view/js/xiuno.js"
          - "Choose Language (选择语言)"
        condition: and
# digest: 4a0a00473045022100b6a39cfcebf7ab3fb045053d648e1626c610339c161f325287e565105edbe43b022029eb8f13d58ef43393ad70e6daca417cff79565fa54a0bd4fcf58a093946ae25:922c64590222798bb761d5b6d8e72950