daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Adding Unencrypted F5 Cookie disclosure 

Locate F5 Load balancer Persistence cookies, use other tools to decode these cookies to disclose internal IP address and port number of the service.
patch-1
PR3R00T 2020-11-02 21:07:47 +00:00 committed by GitHub
parent 449786eb6b
commit 767492ff09
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 18 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
tokens/unecrypted-bigip-ltm-cookie.yaml Normal file
View File

@ -0,0 +1,18 @@
id: unecrypted-bigip-ltm-cookie
info:
name: F5 BIGIP Unecrypted Cookie
author: PR3R00T
severity: low
requests:
- method: GET
path:
- "{{BaseURL}}"
redirects: true
matchers:
- type: regex
regex:
- '(BIGipServer[a-z\_\.\-\~0-9A-Z]*)=([0-9a-zA-Z\.]*;)'
- '=[0-9]*\.[0-9]{3,5}\.[0-9]{4};'
part: header