From 2a7c7f816ad26254b6061e62ad1f992386c4d0e9 Mon Sep 17 00:00:00 2001
From: uomogrande
Date: Fri, 8 Jul 2022 12:58:41 +0200
Subject: [PATCH 1/4] Added icewarp-openredirects Template
---
.../other/icewarp-openredirects.yaml | 34 +++++++++++++++++++
1 file changed, 34 insertions(+)
create mode 100644 vulnerabilities/other/icewarp-openredirects.yaml
diff --git a/vulnerabilities/other/icewarp-openredirects.yaml b/vulnerabilities/other/icewarp-openredirects.yaml
new file mode 100644
index 0000000000..df055e445e
--- /dev/null
+++ b/vulnerabilities/other/icewarp-openredirects.yaml
@@ -0,0 +1,34 @@
+id: icewarp-open-redirects
+
+info:
+ name: icewarp open redirects
+ author: uomogrande
+ severity: medium
+ description: Detects icewarp open redirects / fixed in Version 13.0.2.4
+ reference: "shodan Server: IceWarp/"
+ tags: icewarp,redirect
+
+requests:
+ - raw:
+ - |
+ GET ///interact.sh/%2F.. HTTP/1.1
+
+ redirects: false
+ matchers-condition: and
+ matchers:
+
+ - type: dsl
+ name: redirected
+ dsl:
+ - 'contains(all_headers, "HTTP/1.1 302 Document Moved")'
+ - 'contains(all_headers, "Location: //interact.sh/../")'
+ - 'contains(all_headers, "Server: IceWarp")'
+ condition: and
+
+ extractors:
+ - type: regex
+ name: redirected
+ part: header
+ group: 1
+ regex:
+ - 'Server: (.{4,20})'
From 29acb27dc65f55bc0b467e76675a88cd34b5ce59 Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Sat, 9 Jul 2022 14:52:47 +0530
Subject: [PATCH 2/4] Update icewarp-openredirects.yaml
---
.../other/icewarp-openredirects.yaml | 30 +++++++++++--------
1 file changed, 18 insertions(+), 12 deletions(-)
diff --git a/vulnerabilities/other/icewarp-openredirects.yaml b/vulnerabilities/other/icewarp-openredirects.yaml
index df055e445e..3aace1fa6b 100644
--- a/vulnerabilities/other/icewarp-openredirects.yaml
+++ b/vulnerabilities/other/icewarp-openredirects.yaml
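Review bot: The extractor at the end of the new template in PATCH 1/4 is named `redirected`, the same name as the dsl matcher, although it captures the `Server` banner and nothing about the redirect; a name such as `server-banner` would make scan output easier to read. The `(.{4,20})` bound cuts a longer banner at 20 characters and `.` may also pick up a trailing carriage return, so the captured value is unreliable for comparison with the fixed version 13.0.2.4 named in the description. Consider `- 'Server: (IceWarp/[0-9.]+)'`, which keeps only the product and version.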
@@ -1,11 +1,13 @@ -id: icewarp-open-redirects +id: icewarp-open-redirect info: - name: icewarp open redirects + name: IceWarp - Open Redirect author: uomogrande - severity: medium + severity: low description: Detects icewarp open redirects / fixed in Version 13.0.2.4 - reference: "shodan Server: IceWarp/" + metadata: + verified: true + shodan-query: title:"icewarp" tags: icewarp,redirect requests: @@ -13,17 +15,21 @@ requests: - | GET ///interact.sh/%2F.. HTTP/1.1 - redirects: false matchers-condition: and matchers: + - type: word + part: header + words: + - 'IceWarp' - - type: dsl - name: redirected - dsl: - - 'contains(all_headers, "HTTP/1.1 302 Document Moved")' - - 'contains(all_headers, "Location: //interact.sh/../")' - - 'contains(all_headers, "Server: IceWarp")' - condition: and + - type: regex + part: header + regex: + - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' + + - type: status + status: + - 302 extractors: - type: regex From fd9fb82a61ff6b1655f6c34732ff550f63756866 Mon Sep 17 00:00:00 2001 From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com> Date: Sat, 9 Jul 2022 14:55:04 +0530 Subject: [PATCH 3/4] Update icewarp-openredirects.yaml --- vulnerabilities/other/icewarp-openredirects.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vulnerabilities/other/icewarp-openredirects.yaml b/vulnerabilities/other/icewarp-openredirects.yaml index 3aace1fa6b..37b5010d4e 100644 --- a/vulnerabilities/other/icewarp-openredirects.yaml +++ b/vulnerabilities/other/icewarp-openredirects.yaml @@ -25,7 +25,7 @@ requests: - type: regex part: header regex: - - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' + - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' - type: status status: 
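Review bot: The `IceWarp` word matcher added in the second hunk of PATCH 2/4 (`@@ -13,17 +15,21 @@`) matches that string anywhere in the response headers, whereas the dsl it replaces required `Server: IceWarp`. A cookie name or a Location value containing the word would now satisfy the product check, which weakens the fingerprint and can produce false positives on other servers. Anchoring it as `- 'Server: IceWarp'` keeps the check tied to the banner. The Location regex also makes its scheme prefix optional, so a relative `Location: interact.sh/...` would be reported as an open redirect; if that is not intended, drop the `?` that follows the `(?:https?:\/\/|\/\/|\/\\\\|\/\\)` group.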
From 7789261fcef8e67cdbc8640c56a566641cfe29d4 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Sat, 9 Jul 2022 22:11:36 +0530 Subject: [PATCH 4/4] Update icewarp-openredirects.yaml --- vulnerabilities/other/icewarp-openredirects.yaml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/vulnerabilities/other/icewarp-openredirects.yaml b/vulnerabilities/other/icewarp-openredirects.yaml index 37b5010d4e..f040c3581e 100644 --- a/vulnerabilities/other/icewarp-openredirects.yaml +++ b/vulnerabilities/other/icewarp-openredirects.yaml @@ -3,7 +3,7 @@ id: icewarp-open-redirect info: name: IceWarp - Open Redirect author: uomogrande - severity: low + severity: medium description: Detects icewarp open redirects / fixed in Version 13.0.2.4 metadata: verified: true @@ -27,10 +27,6 @@ requests: regex: - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' - - type: status - status: - - 302 - extractors: - type: regex name: redirected
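Review bot: The `info` block touched by the first hunk of PATCH 4/4 still carries the fix version only as free text in `description`, so a finding gives the operator no remediation field and no advisory link. The severity also goes back to `medium` without any rationale in the commit message. Add `remediation: Upgrade IceWarp to version 13.0.2.4 or later.` and a `reference:` list entry pointing at the vendor advisory (`<vendor-advisory-URL>`), and state in the commit message why `medium` applies. The info block continues past the hunk's last context line.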