diff --git a/http/cves/2022/CVE-2022-23102.yaml b/http/cves/2022/CVE-2022-23102.yaml index 066a97a54e..e8c824c6a1 100644 --- a/http/cves/2022/CVE-2022-23102.yaml +++ b/http/cves/2022/CVE-2022-23102.yaml @@ -1,7 +1,7 @@ id: CVE-2022-23102 info: name: SINEMA Remote Connect Server < V2.0 - Open Redirect - author: ctflearner + author: ctflearner,ritikchaddha severity: medium description: | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Affected products contain an open redirect vulnerability. An attacker could trick a valid authenticated user to the device into clicking a malicious link there by leading to phishing attacks. @@ -22,12 +22,31 @@ info: tags: cve,cve2022,redirect,sinema http: - - method: GET - path: - - "{{BaseURL}}/wbm/login/?next=https%3A%2F%2Finteract.sh" + - raw: + - | + GET /wbm/login/?next=https%3A%2F%2Finteract.sh HTTP/1.1 + Host: {{Hostname}} + + - | + POST /wbm/login/?next=https%3A%2F%2Finteract.sh HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + Cookie: csrftoken={{csrf}}; + Referer: {{BaseURL}}/wbm/login/?next=https%3A%2F%2Finteract.sh + + csrfmiddlewaretoken={{csrf}}&utcoffset=330&username={{username}}&password={{password}} matchers: - type: regex - part: header + part: header_2 regex: - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' + + extractors: + - type: regex + name: csrf + part: body + group: 1 + regex: + - "name='csrfmiddlewaretoken' value='(.*)' />" + internal: true