Update shiro-deserialization-detection.yaml

2023-10-08 07:31:39 +08:00 · 2023-10-08 07:31:39 +08:00 · 425565567a
parent 9b929ca85c
commit 425565567a
1 changed files with 7 additions and 1 deletions
--- a/http/vulnerabilities/apache/shiro/shiro-deserialization-detection.yaml
+++ b/http/vulnerabilities/apache/shiro/shiro-deserialization-detection.yaml
@ -2,7 +2,7 @@ id: shiro-deserialization-detection

 info:
  name: Shiro <= 1.2.4 Deserialization Detection
-  author: hotpot
+  author: hotpot,j4vaovo
  severity: unknown
  description: |
    This template is designed to detect the Shiro framework's default key vulnerabilities. It leverages 51 built-in Shiro keys to probe for potential vulnerabilities.
@ -29,9 +29,15 @@ http:

    req-condition: true
    stop-at-first-match: true
+    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - 'contains(header_1, "Set-Cookie") && (contains(header_1, "rememberMe=") || contains(header_1, "=deleteMe"))'
          - '!contains(header_2, "rememberMe=") && !contains(header_2, "=deleteMe")'
        condition: and
+
+      - type: dsl # WAF Block Page
+        dsl:
+          - '!contains(body_2, "<p>当前访问疑似黑客攻击，已被网站管理员设置拦截并记录</p>")'
+        condition: and