daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix matcher and added metadata

patch-1
Dhiyaneshwaran 2023-06-12 16:29:09 +05:30 committed by GitHub
parent 171082cf0e
commit 26f3753bba
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
http/cves/2011/CVE-2011-5252.yaml
View File

@ -1,46 +1,33 @@
id: CVE-2011-5252
info:
name: Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.2.42, and 1.3.x before 1.3.10 - Open Redirect
description: |
Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.2.42, and 1.3.x before 1.3.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the ReturnUrl parameter.
name: Orchard 'ReturnUrl' Parameter URI - Open Redirect
author: ctflearner
severity: medium
tags:
- Orchard
- Open redirect
- web
- cve2011
description: |
Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.2.42, and 1.3.x before 1.3.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the ReturnUrl parameter.
reference:
- https://www.exploit-db.com/exploits/36493
- https://nvd.nist.gov/vuln/detail/CVE-2011-5252
- https://www.invicti.com/web-applications-advisories/open-redirection-vulnerability-in-orchard/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72110
classification:
cvss-metrics: CVSS:2.0/(AV:N/AC:M/Au:N/C:P/I:P/A:N)
cvss-metrics: AV:N/AC:M/Au:N/C:P/I:P/A:N
cvss-score: 5.8
cve-id: CVE-2011-5252
cwe-id: CWE-20
cpe: cpe:2.3:a:orchardproject:orchard:1.3.10:*:*:*:*:*:*:*
cpe: cpe:2.3:a:orchardproject:orchard:1.0:*:*:*:*:*:*:*
metadata:
max-request: 1
tags: cve,cve2011,redirect,orchard
http:
- method: GET
path:
- "{{BaseURL}}/orchard/Users/Account/LogOff?ReturnUrl=%2f%2fhttp://www.evil.com%3f"
stop-at-first-match: true
matchers-condition: and
- "{{BaseURL}}/orchard/Users/Account/LogOff?ReturnUrl=%2f%2fhttp://interact.sh%3f"
matchers:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)evil\.com\/?(\/|[^.].*)?$'
- type: status
status:
- 301
- 302
- 307
- 308
condition: or
- '(?m)^(?:Location\s*?:\s*?)(?:http?://|//)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'