2022-07-09 09:22:47 +00:00
id : icewarp-open-redirect
2022-07-08 10:58:41 +00:00
info :
2022-07-09 09:22:47 +00:00
name : IceWarp - Open Redirect
2022-07-08 10:58:41 +00:00
author : uomogrande
2022-07-09 16:41:36 +00:00
severity : medium
2022-10-19 21:11:27 +00:00
description : IceWarp open redirect vulnerabilities were detected. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
remediation : Fixed in 13.0.2.4.
classification :
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score : 6.1
cwe-id : CWE-601
2022-07-09 09:22:47 +00:00
metadata :
verified : true
2023-10-14 11:27:55 +00:00
max-request : 1
2022-07-09 09:22:47 +00:00
shodan-query : title:"icewarp"
2022-07-08 10:58:41 +00:00
tags : icewarp,redirect
2023-04-27 04:28:59 +00:00
http :
2023-10-01 12:23:02 +00:00
- method : GET
path :
- "{{BaseURL}}///interact.sh/%2F.."
2022-07-08 10:58:41 +00:00
matchers-condition : and
matchers :
2022-07-09 09:22:47 +00:00
- type : word
part : header
words :
- 'IceWarp'
2022-07-08 10:58:41 +00:00
2022-07-09 09:22:47 +00:00
- type : regex
part : header
regex :
2023-03-01 18:22:21 +00:00
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1
2022-07-09 09:22:47 +00:00
2022-07-08 10:58:41 +00:00
extractors :
- type : regex
name : redirected
part : header
group : 1
regex :
- 'Server : (.{4,20})'
2023-10-20 11:41:13 +00:00
# digest: 4b0a0048304602210081cd43c52ad6b4a02cfa2bcf4d6d16c92aed9bc930995cb0a25bbbb012ab977d0221008b51f5f8f51b2468c18ad64b3e0e90b28f3a222eaff07aa944694f00caca10fb:922c64590222798bb761d5b6d8e72950
