Added new Template for Sentry Instance Detection
parent
2678721174
commit
4d2897536f
|
@ -0,0 +1,22 @@
|
||||||
|
id: Sentry Instance
|
||||||
|
|
||||||
|
# Sentry Instace can be SSRF'd if scrapping is enabled
|
||||||
|
# https://hackerone.com/reports/374737
|
||||||
|
# https://twitter.com/itsecurityguard/status/1127893545619218432?lang=en
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Sentry Instance SSRF
|
||||||
|
author: Sicksec
|
||||||
|
severity: meduim
|
||||||
|
tags: ssrf,sentry
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}"
|
||||||
|
|
||||||
|
extractors:
|
||||||
|
- type: regex
|
||||||
|
part: body
|
||||||
|
regex:
|
||||||
|
- "https://[0-9a-f]*@[a-z0-9]+\\.[a-z.]+.?[0-9]+"
|
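Review bot: The template is named `Sentry Instance SSRF` and rated medium, but its only check is a regex extractor for a DSN-shaped string in the response body, so a hit shows that a page embeds a Sentry DSN, not that the instance will fetch arbitrary URLs. `name: Sentry Instance Detection` with `severity: info` would match what is actually tested and keep triage accurate. As written, `severity: meduim` is not one of nuclei's severity values, and `id: Sentry Instance` contains a space, which nuclei's template-id validation rejects as far as I know; `id: sentry-instance` and a correctly spelled severity fix both. The pattern is also loose: `[0-9a-f]*` accepts an empty key and the unescaped `.?` matches any character, so a fixed-length key such as `[0-9a-f]{32}@` (Sentry public keys appear to be 32 hex characters, worth confirming) would cut false positives. The header comment also carries two typos, `Instace` and `scrapping`.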