lottie-backdoor: Lottie Player - Backdoor

漏洞描述

PoC代码[已公开]

id: lottie-backdoor

info:
  name: Lottie Player - Backdoor
  author: nagli-wiz
  severity: critical
  description: |
    Detectes vulnerable compormised version of lottie-player JS Library that were compormised with a Web3 wallet pop-up backdoor.
  reference:
    - https://github.com/LottieFiles/lottie-player/issues/254
    - https://x.com/galnagli/status/1851779972639363076
  tags: cdn,lottie-player,backdoor,malware,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    redirects: true
    max-redirects: 1

    matchers:
      - type: word
        words:
          - 'lottie-player@2.0.5'
          - 'lottie-player@2.0.6'
          - 'lottie-player@2.0.7'
# digest: 4a0a004730450221008acfa709732b509541b39f2ece994de5e369a38a83114d0391c257b2122f7ad702206fe451b03b1eb2d011d43e7f53f53317eb18107e199fc4071bbd04a76698f049:922c64590222798bb761d5b6d8e72950

相关漏洞推荐

• CVE-2011-2523: VSFTPD 2.3.4 - Backdoor Command Execution
• POC CVE-2015-4414: WordPress SE HTML5 Album Audio Player 1.1.0 - Directory Traversal
• POC CVE-2019-9618: WordPress GraceMedia Media Player 1.0 - Local File Inclusion
• POC CVE-2021-39350: FV Flowplayer Video Player WordPress plugin - Authenticated Cross-Site Scripting
• POC CVE-2021-40859: Auerswald COMpact 5500R 7.8A and 8.0B Devices Backdoor
• POC CVE-2022-25216: DVDFab 12 Player/PlayerFab - Local File Inclusion
• POC CVE-2024-1061: WordPress HTML5 Video Player - SQL Injection
• POC CVE-2024-29972: Zyxel NAS326 Firmware < V5.21(AAZF.17)C0 - NsaRescueAngel Backdoor Account
• POC CVE-2024-3272: D-Link Network Attached Storage - Backdoor Account
• POC CVE-2024-3273: D-Link Network Attached Storage - Command Injection and Backdoor Account
• POC CVE-2024-54385: Radio Player <= 2.0.82 - Server-Side Request Forgery
• POC CVE-2024-5522: WordPress HTML5 Video Player < 2.5.27 - SQL Injection
• POC CVE-2011-2523: VSFTPD 2.3.4 - Backdoor Command Execution