Merge pull request #18 from xiaoheihei1107/master

Add
2025-05-07 03:02:24 +00:00 · 2021-08-27 16:30:33 +08:00 · 2021-08-27 16:30:33 +08:00 · e5d2546984
commit e5d2546984
parent ea32a8938b c36ca0e372
8 changed files with 36 additions and 0 deletions
--- a/Bithighway/CNVD-2021-37007/Bithighway_L7_Auth_RCE_CNVD_2021_37007.gif
+++ b/Bithighway/CNVD-2021-37007/Bithighway_L7_Auth_RCE_CNVD_2021_37007.gif
--- a/Bithighway/CNVD-2021-37007/README.md
+++ b/Bithighway/CNVD-2021-37007/README.md
@ -0,0 +1,9 @@
+# Bithighway L7 Auth RCE (CNVD-2021-37007)
+
+Bihaiwei L7 cloud router wireless operation version has command execution vulnerabilities. An attacker can use this vulnerability to gain control of the server.
+
+FOFA **query rule**: [banner="L7Engine"](https://fofa.so/result?qbase64=YmFubmVyPSJMN0VuZ2luZSI%3D)
+
+# Demo
+
+![Bithighway_L7_Auth_RCE_CNVD_2021_37007](Bithighway_L7_Auth_RCE_CNVD_2021_37007.gif)
--- a/Wireless/CVE-2021-3017/Intelbras_Wireless_Information_leakage_CVE_2021_3017.gif
+++ b/Wireless/CVE-2021-3017/Intelbras_Wireless_Information_leakage_CVE_2021_3017.gif
--- a/Wireless/CVE-2021-3017/README.md
+++ b/Wireless/CVE-2021-3017/README.md
@ -0,0 +1,9 @@
+# Intelbras Wireless Information leakage (CVE-2021-3017)
+
+The web interface on Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attackers to discover credentials by reading the def_wirelesspassword line in the HTML source code.
+
+FOFA **query rule**: [title="Roteador Wireless" && body="def_wirelesspassword"](https://fofa.so/result?qbase64=dGl0bGU9IlJvdGVhZG9yIFdpcmVsZXNzIiAmJiBib2R5PSJkZWZfd2lyZWxlc3NwYXNzd29yZCI%3D)
+
+# Demo
+
+![Intelbras_Wireless_Information_leakage_CVE_2021_3017](Intelbras_Wireless_Information_leakage_CVE_2021_3017.gif)
--- a/WordPress/CVE-2021-24146/README.md
+++ b/WordPress/CVE-2021-24146/README.md
@ -0,0 +1,9 @@
+# WordPress Modern Events Calendar Lite file export (CVE-2021-24146)
+
+Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format for example.
+
+FOFA **query rule**: [app="wordpress"](https://fofa.so/result?qbase64=YXBwPSJ3b3JkcHJlc3Mi)
+
+# Demo
+
+![WordPress_Modern_Events_Calendar_Lite_file_export_CVE_2021_24146](WordPress_Modern_Events_Calendar_Lite_file_export_CVE_2021_24146.gif)
--- a/WordPress/CVE-2021-24146/WordPress_Modern_Events_Calendar_Lite_file_export_CVE_2021_24146.gif
+++ b/WordPress/CVE-2021-24146/WordPress_Modern_Events_Calendar_Lite_file_export_CVE_2021_24146.gif
--- a/zhongkebohua/CNVD-2016-07063/README.md
+++ b/zhongkebohua/CNVD-2016-07063/README.md
@ -0,0 +1,9 @@
+# zkbh_Firewall cmd.php RCE (CNVD-2016-07063)
+
+zkbh-Firewall cmd.php has insufficient filtering and has command execution vulnerabilities.
+
+FOFA **query rule**: [app="博华网龙信息安全一体机"](https://fofa.so/result?qbase64=YXBwPSLljZrljY7nvZHpvpnkv6Hmga%2FlronlhajkuIDkvZPmnLoi)
+
+# Demo
+
+![zkbh_Firewall_cmd_php_RCE_CNVD_2016_07063](zkbh_Firewall_cmd_php_RCE_CNVD_2016_07063.gif)
--- a/zhongkebohua/CNVD-2016-07063/zkbh_Firewall_cmd_php_RCE_CNVD_2016_07063.gif
+++ b/zhongkebohua/CNVD-2016-07063/zkbh_Firewall_cmd_php_RCE_CNVD_2016_07063.gif