Gnu mailman detect and CVE 2021 42097 #6683

S4lt5
Contributor

@S4lt5 S4lt5 commented Feb 6, 2023

Template / PR Information

When reviewing some nuclei findings for my domains, when crawling the directories I also found a mailman instance (which I had never heard of before today), and saw that it was also outdated.

I notice that GNU Mailman has a number of CVEs, and the /listinfo page might divulge some info to external users.

The particular instance I found was vulnerable to CVE-2021-42097, and I've created some templates and am sweeping all of my machines now.

I wanted to share in case someone else had these unbeknownst to them!

This is my first PR to Nuclei Templates, so I am sure I have messed something up.

Template Validation

I've validated this template locally?

  • [X] YES
  • [ ] NO

Additional References:

Add detection for exposed /listinfo page for GNU mailman
Add CVE 2021 42097 Detection for GNU Mailman (Privesc/ CSRF Token Bypass)
@pussycat0x pussycat0x requested review from DhiyaneshGeek and removed request for pussycat0x February 10, 2023 06:38
@DhiyaneshGeek DhiyaneshGeek added the Done Ready to merge label Mar 2, 2023
@ritikchaddha ritikchaddha added the good first issue Good for newcomers label Mar 2, 2023
@DhiyaneshGeek
Member

Hi @Yablargo, thank you so much for sharing this template with the community.

We have removed the CSRF attack which was added in the PR CVE-2021-42097, since it's not suitable for the public repository.

Once again, thank you so much for the contribution 💯

@DhiyaneshGeek DhiyaneshGeek merged commit 7e0761a into projectdiscovery:main Mar 3, 2023
@S4lt5 S4lt5 deleted the gnu-mailman-detect-and-cve-2021-42097 branch March 3, 2023 15:31