Xiuno BBS CNVD-2019-01348
ID: CNVD-2019-01348
Severity: high
Author: princechaddha
Tags: cnvd2019,cnvd,xiuno
Description
Section titled “Description”The Xiuno BBS system has a system reinstallation vulnerability. The vulnerability stems from the failure to protect or filter the installation directory after the system is installed. Attackers can directly reinstall the system through the installation page.
YAML Source
Section titled “YAML Source”id: CNVD-2019-01348
info: name: Xiuno BBS CNVD-2019-01348 author: princechaddha severity: high description: The Xiuno BBS system has a system reinstallation vulnerability. The vulnerability stems from the failure to protect or filter the installation directory after the system is installed. Attackers can directly reinstall the system through the installation page. remediation: Upgrade to the latest version of Xiuno BBS or switch to a supported product. reference: - https://www.cnvd.org.cn/flaw/show/CNVD-2019-01348 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H cvss-score: 7.5 cwe-id: CWE-284 metadata: max-request: 1 tags: cnvd2019,cnvd,xiuno
http: - method: GET path: - "{{BaseURL}}/install/"
headers: Accept-Encoding: deflate
matchers-condition: and matchers: - type: status status: - 200
- type: word part: body words: - "/view/js/xiuno.js" - "Choose Language (选择语言)" condition: and# digest: 4a0a00473045022100d74d477dcc2a0aaf2561cad951b1fcdf9e1d95e4a2285885d64fcb95d2af714b02206f226afdf5b2a1c0594ce3eb8ea8f1a0fd02455413cecf7f0c23bf68fc86002e:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cnvd/2019/CNVD-2019-01348.yaml"