Exploit for WaveMaker Studio 6.6 - Local File Inclusion/Server-Side Request Forgery (CVE-2019-8982)

Description:

WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value in com/wavemaker/studio/StudioService.java, leading to disclosure of local files and server-side request forgery.
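
To check whether this endpoint has been probed, the following added example (not part of the original page or of the nuclei template) scans web access logs for studioService.download requests with method=getContent and flags inUrl values that use a non-HTTP scheme or point at loopback, private or link-local addresses. The combined log format, the /wavemaker/ path prefix and all sample lines are constructed assumptions.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Constructed access-log lines; client IPs, paths and hosts are placeholders.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2019:10:01:02 +0000] "GET /wavemaker/studioService.download?method=getContent&inUrl=file%3A%2F%2F%2Ftmp%2Fexample.txt HTTP/1.1" 200 12
198.51.100.7 - - [12/Mar/2019:10:01:09 +0000] "GET /wavemaker/studioService.download?method=getContent&inUrl=http%3A%2F%2F127.0.0.1%3A8080%2Fstatus HTTP/1.1" 200 48
203.0.113.20 - - [12/Mar/2019:10:02:30 +0000] "GET /wavemaker/studioService.download?method=getContent&inUrl=https%3A%2F%2Fexample.com%2Flogo.png HTTP/1.1" 200 5120
203.0.113.20 - - [12/Mar/2019:10:02:31 +0000] "GET /wavemaker/index.html HTTP/1.1" 200 900
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" (\d{3})')

def classify_in_url(value):
    """Return a reason if an inUrl value suggests file read or SSRF, else None."""
    try:
        parts = urlsplit(value.strip())
        host = parts.hostname or ""
    except ValueError:
        return "unparseable URL"
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https"):
        return "non-http scheme (%s)" % (scheme or "none")
    if host == "localhost" or host.endswith(".localhost"):
        return "loopback host"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return None  # a DNS name; resolve out of band if it needs checking
    if ip.is_loopback or ip.is_private or ip.is_link_local:
        return "internal address (%s)" % ip
    return None

def scan(log_text):
    # Returns (client, status, decoded inUrl, reason) for each suspicious request.
    findings = []
    for m in filter(None, map(LINE_RE.match, log_text.splitlines())):
        client, target, status = m.groups()
        path, _, query = target.partition("?")
        qs = parse_qs(query)  # parse_qs also percent-decodes the values
        if (not path.lower().endswith("studioservice.download")
                or "getContent" not in qs.get("method", [])):
            continue
        for value in qs.get("inUrl", []):
            reason = classify_in_url(value)
            if reason:
                findings.append((client, status, value, reason))
    return findings
```

A 200 status on a flagged line means the server answered the request, so those entries are the ones to review first.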

Nuclei Template

View the template here CVE-2019-8982.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2019/CVE-2019-8982.yaml

References:

https://github.com/ARPSyndicate/cvemon
https://nvd.nist.gov/vuln/detail/CVE-2019-8982
https://www.exploit-db.com/exploits/45158
https://github.com/merlinepedra25/nuclei-templates
https://github.com/sobinge/nuclei-templates