daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

updated matcher

patch-1
Ritik Chaddha 2023-05-10 17:42:58 +05:30 committed by GitHub
parent aa90fc9036
commit 2696334222
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
http/cves/2022/CVE-2022-3980.yaml
View File

@ -5,7 +5,7 @@ info:
author: dabla
severity: critical
description: |
An XML External Entity (XEE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4.
An XML External Entity (XXE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4.
reference:
- https://www.sophos.com/en-us/security-advisories/sophos-sa-20221116-smc-xee
- https://nvd.nist.gov/vuln/detail/CVE-2022-3980
@ -38,7 +38,7 @@ http:
matchers:
- type: dsl
dsl:
- contains(interactsh_protocol, 'http')
- status_code == 400
- contains_all(to_lower(interactsh_request), 'user-agent','java')
condition: and
- "contains(interactsh_protocol, 'http') || contains(interactsh_protocol, 'dns')"
- "status_code == 400"
- "len(body) == 0"
condition: and