Merge pull request #2591 from Akokonunes/patch-33

Create CVE-2019-7275.yaml
2021-09-06 14:40:28 +05:30 · 2021-09-06 14:40:28 +05:30 · 2b175d36da
parent 1f403d4ddb 861af1bdc8
commit 2b175d36da
1 changed files with 22 additions and 0 deletions
--- a/cves/2019/CVE-2019-7275.yaml
+++ b/cves/2019/CVE-2019-7275.yaml
@ -0,0 +1,22 @@
+id: CVE-2019-7275
+
+info:
+  name: Open Redirect in Optergy Proton/Enterprise BMS
+  author: 0x_Akoko
+  severity: low
+  reference:
+    - https://packetstormsecurity.com/files/155268/Optergy-Proton-Enterprise-BMS-2.3.0a-Open-Redirect.html
+    - https://applied-risk.com/resources/ar-2019-008
+    - https://cxsecurity.com/issue/WLB-2019110074
+  tags: cve,cve2019,redirect
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/updating.jsp?url=https://example.com/"
+
+    matchers:
+      - type: regex
+        regex:
+          - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'
+        part: header