create check for cve-2019-2578
parent
bbbd7909ee
commit
41464ac737
|
@ -0,0 +1,32 @@
|
|||
id: CVE-2019-2578
|
||||
|
||||
info:
|
||||
name: Broken Access Control Oracle WebCenter Sites
|
||||
author: leovalcante
|
||||
severity: high
|
||||
description: Check cve-2019-2578 for Oracle WebCenter Sites.
|
||||
reference: https://outpost24.com/blog/Vulnerabilities-discovered-in-Oracle-WebCenter-Sites
|
||||
tags: oracle,webcenter sites,wcs,broken access control
|
||||
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
GET /cs/Satellite?pagename=OpenMarket/Xcelerate/Admin/WebReferences HTTP/1.1
|
||||
Host: {{BaseURL}}
|
||||
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
|
||||
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
|
||||
Accept-Language: en-US,en;q=0.9
|
||||
- |
|
||||
GET /cs/Satellite?pagename=OpenMarket/Xcelerate/Admin/Slots HTTP/1.1
|
||||
Host: {{BaseURL}}
|
||||
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
|
||||
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
|
||||
Accept-Language: en-US,en;q=0.9
|
||||
redirects: false
|
||||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- '<script[\d\D]*<throwexception/>'
|
||||
part: body
|
||||
stop-at-first-match: true
|
Loading…
Reference in New Issue