updated matcher
parent
aa90fc9036
commit
2696334222
|
@ -5,7 +5,7 @@ info:
|
|||
author: dabla
|
||||
severity: critical
|
||||
description: |
|
||||
An XML External Entity (XEE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4.
|
||||
An XML External Entity (XXE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4.
|
||||
reference:
|
||||
- https://www.sophos.com/en-us/security-advisories/sophos-sa-20221116-smc-xee
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-3980
|
||||
|
@ -38,7 +38,7 @@ http:
|
|||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- contains(interactsh_protocol, 'http')
|
||||
- status_code == 400
|
||||
- contains_all(to_lower(interactsh_request), 'user-agent','java')
|
||||
condition: and
|
||||
- "contains(interactsh_protocol, 'http') || contains(interactsh_protocol, 'dns')"
|
||||
- "status_code == 400"
|
||||
- "len(body) == 0"
|
||||
condition: and
|
||||
|
|
Loading…
Reference in New Issue