nuclei-templates/http/vulnerabilities/backdoor/polyfill-backdoor.yaml

33 lines
1.0 KiB
YAML
Raw Normal View History

id: polyfill-backdoor
2024-06-25 13:36:55 +00:00
info:
2024-07-15 13:18:30 +00:00
name: Polyfill.io - Backdoor
2024-06-25 13:36:55 +00:00
author: kazet
severity: high
2024-06-27 10:46:00 +00:00
description: |
The polyfill.io CDN was suspected to serve malware.
2024-06-25 13:36:55 +00:00
reference:
- https://sansec.io/research/polyfill-supply-chain-attack
- https://web.archive.org/web/20240229113710/https://github.com/polyfillpolyfill/polyfill-service/issues/2834
- https://blog.cloudflare.com/polyfill-io-now-available-on-cdnjs-reduce-your-supply-chain-risk
metadata:
verified: true
max-request: 1
2024-06-27 10:46:00 +00:00
shodan-query: html:"polyfill.io"
tags: cdn,polyfill-io,backdoor,malware
2024-06-25 13:36:55 +00:00
http:
- method: GET
path:
- "{{BaseURL}}"
redirects: true
max-redirects: 1
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- "<script[^>]* src=['\"]https?://([a-zA-Z0-9-]*.)?polyfill.io[/'\"]"
# digest: 4a0a0047304502203f42ee7cd83f09782d81dcd502e2ed01add4d201cceb9baf65a2a240203f8046022100a05c40d55db5434ccc8fb01d0df8479216dc0191ebf471f93bcfb3d7adff0309:922c64590222798bb761d5b6d8e72950