2024-04-10 06:32:05 +00:00
|
|
|
id: gohire-takeover
|
|
|
|
|
|
|
|
|
|
info:
|
2024-04-15 04:53:12 +00:00
|
|
|
name: GoHire Takeover Detection
|
2024-04-10 06:32:05 +00:00
|
|
|
author: philippedelteil
|
2024-04-15 04:53:12 +00:00
|
|
|
severity: high
|
|
|
|
|
reference:
|
|
|
|
|
- https://github.com/EdOverflow/can-i-take-over-xyz/issues/403
|
|
|
|
|
metadata:
|
|
|
|
|
max-request: 1
|
|
|
|
|
tags: takeover,gohire
|
2024-04-10 06:32:05 +00:00
|
|
|
|
2024-04-15 04:53:12 +00:00
|
|
|
http:
|
2024-04-10 06:32:05 +00:00
|
|
|
- method: GET
|
|
|
|
|
path:
|
|
|
|
|
- "{{BaseURL}}"
|
|
|
|
|
|
2024-04-15 04:53:12 +00:00
|
|
|
matchers-condition: and
|
2024-04-10 06:32:05 +00:00
|
|
|
matchers:
|
2024-04-15 04:53:12 +00:00
|
|
|
- type: dsl
|
|
|
|
|
dsl:
|
|
|
|
|
- Host != ip
|
|
|
|
|
|
2024-04-10 06:32:05 +00:00
|
|
|
- type: word
|
2024-04-15 04:53:12 +00:00
|
|
|
part: body
|
2024-04-10 06:32:05 +00:00
|
|
|
words:
|
2024-04-15 04:53:12 +00:00
|
|
|
- 'You may have followed an invalid link or the job you are looking for has been archived'
|
|
|
|
|
|
|
|
|
|
- type: status
|
|
|
|
|
status:
|
|
|
|
|
- 404
|
2024-07-10 11:31:30 +00:00
|
|
|
|
2024-07-08 12:16:52 +00:00
|
|
|
extractors:
|
|
|
|
|
- type: dsl
|
|
|
|
|
dsl:
|
2024-07-17 14:38:10 +00:00
|
|
|
- cname
|
2024-07-17 14:40:22 +00:00
|
|
|
# digest: 490a00463044022075bc75ceacf2c4fcf2ee2a3f45c68293414cb79afdefc2b68a040c1fc39b4fb40220637462e31cb129a25abc0c88e2c21c4b7798c34117c08c73ce475af28474cd3b:922c64590222798bb761d5b6d8e72950
|
