fix matcher and added metadata

patch-1
Dhiyaneshwaran 2023-06-12 16:29:09 +05:30 committed by GitHub
parent 171082cf0e
commit 26f3753bba
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 23 deletions

View File

@ -1,46 +1,33 @@
id: CVE-2011-5252
info:
name: Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.2.42, and 1.3.x before 1.3.10 - Open Redirect
description: |
Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.2.42, and 1.3.x before 1.3.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the ReturnUrl parameter.
name: Orchard 'ReturnUrl' Parameter URI - Open Redirect
author: ctflearner
severity: medium
tags:
- Orchard
- Open redirect
- web
- cve2011
description: |
Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.2.42, and 1.3.x before 1.3.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the ReturnUrl parameter.
reference:
- https://www.exploit-db.com/exploits/36493
- https://nvd.nist.gov/vuln/detail/CVE-2011-5252
- https://www.invicti.com/web-applications-advisories/open-redirection-vulnerability-in-orchard/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72110
classification:
cvss-metrics: CVSS:2.0/(AV:N/AC:M/Au:N/C:P/I:P/A:N)
cvss-metrics: AV:N/AC:M/Au:N/C:P/I:P/A:N
cvss-score: 5.8
cve-id: CVE-2011-5252
cwe-id: CWE-20
cpe: cpe:2.3:a:orchardproject:orchard:1.3.10:*:*:*:*:*:*:*
cpe: cpe:2.3:a:orchardproject:orchard:1.0:*:*:*:*:*:*:*
metadata:
max-request: 1
tags: cve,cve2011,redirect,orchard
http:
- method: GET
path:
- "{{BaseURL}}/orchard/Users/Account/LogOff?ReturnUrl=%2f%2fhttp://www.evil.com%3f"
- "{{BaseURL}}/orchard/Users/Account/LogOff?ReturnUrl=%2f%2fhttp://interact.sh%3f"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)evil\.com\/?(\/|[^.].*)?$'
- type: status
status:
- 301
- 302
- 307
- 308
condition: or
- '(?m)^(?:Location\s*?:\s*?)(?:http?://|//)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'