Goby/json/TerraMaster-TOS-RCE-(CVE-20...

{
  "Name": "TerraMaster TOS RCE (CVE-2020-15568)",
  "Description": "TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with (for example) OS commands in the opt parameter.",
  "Product": "TerraMaster-TOS",
  "Homepage": "https://www.terra-master.com/cn/",
  "DisclosureDate": "2021-01-30",
  "Author": "itardc@163.com",
  "FofaQuery": "app=\"TerraMaster-NAS\"",
  "GobyQuery": "",
  "Level": "3",
  "Impact": "",
  "Recommendation": "",
  "References": [
    "https://help.terra-master.com/TOS/view/",
    "https://ssd-disclosure.com/ssd-advisory-terramaster-os-exportuser-php-remote-code-execution/",
    "https://nvd.nist.gov/vuln/detail/CVE-2020-15568",
    "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15568"
  ],
  "HasExp": true,
  "ExpParams": [
    {
      "name": "cmd",
      "type": "input",
      "value": "whoami"
    }
  ],
  "ExpTips": {
    "Type": "",
    "Content": ""
  },
  "ScanSteps": [
    "AND",
    {
      "Request": {
        "data": "",
        "data_type": "text",
        "follow_redirect": true,
        "method": "GET",
        "uri": "/"
      },
      "ResponseTest": {
        "checks": [
          {
            "bz": "",
            "operation": "==",
            "type": "item",
            "value": "200",
            "variable": "$code"
          }
        ],
        "operation": "AND",
        "type": "group"
      }
    }
  ],
  "ExploitSteps": null,
  "Tags": ["rce"],
  "CVEIDs": [
    "CVE-2020-15568"
  ],
  "CVSSScore": "9.8",
  "AttackSurfaces": {
    "Application": null,
    "Support": null,
    "Service": null,
    "System": null,
    "Hardware": ["TerraMaster-NAS"]
  }
}
auto 2022-11-25 02:08:58 -08:00			`{`
			`"Name": "TerraMaster TOS RCE (CVE-2020-15568)",`
			`"Description": "TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with (for example) OS commands in the opt parameter.",`
			`"Product": "TerraMaster-TOS",`
			`"Homepage": "https://www.terra-master.com/cn/",`
			`"DisclosureDate": "2021-01-30",`
			`"Author": "itardc@163.com",`
			`"FofaQuery": "app=\"TerraMaster-NAS\"",`
			`"GobyQuery": "",`
			`"Level": "3",`
			`"Impact": "",`
			`"Recommendation": "",`
			`"References": [`
			`"https://help.terra-master.com/TOS/view/",`
			`"https://ssd-disclosure.com/ssd-advisory-terramaster-os-exportuser-php-remote-code-execution/",`
			`"https://nvd.nist.gov/vuln/detail/CVE-2020-15568",`
			`"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15568"`
			`],`
			`"HasExp": true,`
			`"ExpParams": [`
			`{`
			`"name": "cmd",`
			`"type": "input",`
			`"value": "whoami"`
			`}`
			`],`
			`"ExpTips": {`
			`"Type": "",`
			`"Content": ""`
			`},`
			`"ScanSteps": [`
			`"AND",`
			`{`
			`"Request": {`
			`"data": "",`
			`"data_type": "text",`
			`"follow_redirect": true,`
			`"method": "GET",`
			`"uri": "/"`
			`},`
			`"ResponseTest": {`
			`"checks": [`
			`{`
			`"bz": "",`
			`"operation": "==",`
			`"type": "item",`
			`"value": "200",`
			`"variable": "$code"`
			`}`
			`],`
			`"operation": "AND",`
			`"type": "group"`
			`}`
			`}`
			`],`
			`"ExploitSteps": null,`
			`"Tags": ["rce"],`
			`"CVEIDs": [`
			`"CVE-2020-15568"`
			`],`
			`"CVSSScore": "9.8",`
			`"AttackSurfaces": {`
			`"Application": null,`
			`"Support": null,`
			`"Service": null,`
			`"System": null,`
			`"Hardware": ["TerraMaster-NAS"]`
			`}`
			`}`