google / tsunami-security-scanner-plugins

This project aims to provide a central repository for many useful Tsunami Security Scanner plugins.
Apache License 2.0
882 stars 180 forks source link

PRP: Dolibarr ERP pre auth rce on default insallations works on all versions #373

Open vishwaraj101 opened 10 months ago

vishwaraj101 commented 10 months ago

This will detect the vulnerable instances which can be exploited to achieve RCE. It will work on the default installations Dolibarr is an Open Source ERP & CRM for business for SMEs, Large Companies, Freelancers, Foundations)

It is currently used by 5000+ instances as per shodan query

This will detect the vulnerable dolibarr version from 6-18.0.0 latest version.

Let me know if i can start working on this I can start quickly

tooryx commented 10 months ago

Hi @vishwaraj101,

Could you provide more context on the vulnerability? (e.g. link to the CVE entry, how you plan to implement it, ...).

Thank you, ~tooryx

vishwaraj101 commented 10 months ago

@tooryx So i can write full blown exploit or a generic detection for this for the safer purpose. I think simple detection logic will do the work. Since I have worked on CVE-2023-33568 to make it pre auth RCE. Let me know

CVE Reference: https://nvd.nist.gov/vuln/detail/CVE-2023-33568

vishwaraj101 commented 10 months ago

Any updates on this ?

tooryx commented 10 months ago

Hi @vishwaraj101,

We are not sure if we wish to continue on this one, hence why I put the fingerprints at the top of your contribution queue. We will have more visibility once we have the fingerprints.

~tooryx

vishwaraj101 commented 10 months ago

@tooryx what if I write just about the original issue detection ? I think that will be more fruitful what do suggest shall I ?

tooryx commented 10 months ago

I am sorry not sure to understand, what do you mean?

vishwaraj101 commented 10 months ago

I mean writing the plugin detecting -> CVE-2023-33568

tooryx commented 10 months ago

Got it. As mentioned before, we would like to have the fingerprints merged first to see if we are interested in the implementation of this vulnerability. We can discuss again once the fingerprints are merged.