Merge pull request #22 from xiaoheihei1107/master

Add CVE-2020-25223，CRMEB DaTong sid sqli，CVE-2018-12634，ECOA Building System multiple vulnerabilities，Softneta MedDream 6.7.11 Directory Traversal

CRMEB/DaTong_sid_sqli/README.md

@@ -0,0 +1,9 @@
+# CRMEB DaTong sid sqli
+
+CRMEB open version v4 is a free and open source mall system, UINAPP+thinkphp6 framework mall. The sid parameter under the path of CRMEB open version /api/products has unfiltered SQL statement splicing, resulting in SQL injection.
+
+FOFA **query rule**: [body="CRMEB" && body="/h5/js/app"](https://fofa.so/result?qbase64=Ym9keT0iQ1JNRUIiICYmIGJvZHk9Ii9oNS9qcy9hcHAi)
+
+# Demo
+
+![CRMEB_DaTong_sid_sqli](CRMEB_DaTong_sid_sqli.gif)

Chemex/CNVD-2021-15573/README.md

@@ -0,0 +1,9 @@
+# Chemex Auth File Upload CNVD-2021-15573
+
+Coffee pot Chemex is a free, open source, efficient and beautiful IT operation and maintenance management platform. Chemex has a background file upload vulnerability(default login admin:admin), which can be exploited by attackers to gain control of the server.
+
+FOFA **query rule**: [(title="咖啡壶" || body="让IT资产管理更加简单") && body="CreateDcat"](https://fofa.so/result?qbase64=KHRpdGxlPSLlkpbllaHlo7YiIHx8IGJvZHk9IuiuqUlU6LWE5Lqn566h55CG5pu05Yqg566A5Y2VIikgJiYgYm9keT0iQ3JlYXRlRGNhdCI%3D)
+
+# Demo
+
+![Chemex_Auth_File_Upload_CNVD_2021_15573](Chemex_Auth_File_Upload_CNVD_2021_15573.gif)

CirCarLife/CVE-2018-12634/README.md

@@ -0,0 +1,10 @@
+# CirCarLife SCADA 4.3 Credential Disclosure
+
+Circontrol is a Spanish manufacturer that insists on developing innovative technologies to provide competitive and comprehensive products and solutions for eMobility and efficiency of parking lots. CirCarLife Scada all versions under 4.3.0 OCPP implementation all versions under 1.5.0 has an information disclosure vulnerability, leaking information such as logs and configuration.
+
+FOFA **query rule**: [banner="CirCarLife Scada"](https://fofa.so/result?qbase64=YmFubmVyPSJDaXJDYXJMaWZlIFNjYWRhIg%3D%3D)
+
+# Demo
+
+![CirCarLife_SCADA_4_3_Credential_Disclosure](CirCarLife_SCADA_4_3_Credential_Disclosure.gif)
+

Dwsurvey/Dwsurvey_3_2_Arbitrary_File_Read/README.md

@@ -0,0 +1,10 @@
+# Dwsurvey 3.2 Arbitrary File Read
+
+DWSurvey is a convenient, efficient and stable survey questionnaire system, an open source questionnaire form system based on JAVA WEB. The filePath parameter of the ToHtmlServlet.java file in the dwsurvey-oss-v3.2.0 version has an arbitrary file reading vulnerability.
+
+FOFA **query rule**: [app="DIAOWEN-问卷表单系统"](https://fofa.so/result?qbase64=YXBwPSJESUFPV0VOLemXruWNt%2BihqOWNleezu%2Be7nyI%3D)
+
+# Demo
+
+![Dwsurvey_3_2_Arbitrary_File_Read](Dwsurvey_3_2_Arbitrary_File_Read.gif)
+

ECOA/ECOA_Building_System/README.md

@@ -0,0 +1,9 @@
+# ECOA Building System multiple vulnerabilities
+
+ECOA Technologies, the company formerly known as ECOA Technologies, was established in Taiwan in 1993. The company specializes in BMS control products. There are multiple vulnerabilities in the ECOA automation system, including information leakage, directory traversal, file reading, etc.
+
+FOFA **query rule**: [body="ECOA" && title="ECOA"](https://fofa.so/result?qbase64=Ym9keT0iRUNPQSIgJiYgdGl0bGU9IkVDT0Ei)
+
+# Demo
+
+![ECOA_Building_System_multiple_vulnerabilities](ECOA_Building_System_multiple_vulnerabilities.gif)

Gurock/CVE-2021-40875/README.md

@@ -0,0 +1,9 @@
+# Gurock Testrail 7.2 Information leakage CVE-2021-40875
+
+Testrail is a complete web-based test case management solution to efficiently manage, track, and organize your software testing efforts. Improper Access Control in Gurock TestRail versions < 7.2.0.3014 resulted in sensitive information exposure. A threat actor can access the /files.md5 file on the client side of a Gurock TestRail application, disclosing a full list of application files and the corresponding file paths. The corresponding file paths can be tested, and in some cases, result in the disclosure of hardcoded credentials, API keys, or other sensitive data.
+
+FOFA **query rule**: [title="Login - TestRail"](https://fofa.so/result?qbase64=dGl0bGU9IkxvZ2luIC0gVGVzdFJhaWwi)
+
+# Demo
+
+![Gurock_Testrail_7_2_Information_leakage_CVE_2021_40875](Gurock_Testrail_7_2_Information_leakage_CVE_2021_40875.gif)

Huahou/iRDM4000/README.md

@@ -0,0 +1,9 @@
+# iRDM4000 cookie bypass
+
+Hebei Huahou Tiancheng Environmental Technology Co., Ltd. is a professional manufacturer of environmental online monitoring equipment and a leading environmental monitoring system integrator. The iRDM4000 smart station room online supervision, diagnosis and configuration sub-station has cookie forgery, which leads to malicious login to the operation background.
+
+FOFA **query rule**: [body="iRDM4000"](https://fofa.so/result?qbase64=Ym9keT0iaVJETTQwMDAi)
+
+# Demo
+
+![iRDM4000_cookie_bypass](iRDM4000_cookie_bypass.gif)

OpenCats/CVE-2019-13358/README.md

@@ -0,0 +1,9 @@
+# OpenCats 9.4.2 XXE CVE-2019-13358
+
+OpenCats is a leading free & open applicant tracking system.lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that allows remote users to read files on the underlying operating system. The attacker must upload a file in the docx or odt format.
+
+FOFA **query rule**: [app="opencats-Login"](https://fofa.so/result?qbase64=YXBwPSJvcGVuY2F0cy1Mb2dpbiI%3D)
+
+# Demo
+
+![OpenCats_9_4_2_XXE_CVE_2019_13358](OpenCats_9_4_2_XXE_CVE_2019_13358.gif)

Softneta/MedDream_Directory_Traversal/README.md

@@ -0,0 +1,10 @@
+# Softneta MedDream 6.7.11 Directory Traversal
+
+Softneta specializes in medical imaging and communication solutions to improve the quality of healthcare. The company was founded in 2007 and possesses 14+ years of experience in the development of medical devices for processing, visualization and transmission of diagnostic medical data. Softneta MedDream PACS Server Premium 6.7.1.1 nocache.php has Directory Traversal.
+
+FOFA **query rule**: [body="MedDream"](https://fofa.so/result?qbase64=Ym9keT0iTWVkRHJlYW0i)
+
+# Demo
+
+![Softneta_MedDream_6_7_11_Directory_Traversal](Softneta_MedDream_6_7_11_Directory_Traversal.gif)
+

Sophos/CVE-2020-25223/README.md

@@ -0,0 +1,9 @@
+# Sophos UTM RCE CVE-2020-25223
+
+Sophos UTM is a soft routing equipment product developed by the British Sophos company that provides advanced next-generation cloud sandbox technology. A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11.
+
+FOFA **query rule**: [app="SOPHOS-UTM"](https://fofa.so/result?qbase64=YXBwPSJTT1BIT1MtVVRNIg%3D%3D)
+
+# Demo
+
+![Sophos_UTM_RCE_CVE_2020_25223](Sophos_UTM_RCE_CVE_2020_25223.gif)