Merge pull request #6310 from arafatansari/patch-114

Create CVE-2022-45917.yaml
2022-12-12 23:10:38 +05:30 · 2022-12-12 23:10:38 +05:30 · 7e6add43c4
parent 3c119108d9 bf41cfb450
commit 7e6add43c4
1 changed files with 30 additions and 0 deletions
--- a/cves/2022/CVE-2022-45917.yaml
+++ b/cves/2022/CVE-2022-45917.yaml
@ -0,0 +1,30 @@
+id: CVE-2022-45917
+
+info:
+  name: ILIAS eLearning platform <= 7.15 - Open Redirect
+  author: arafatansari
+  severity: medium
+  description: |
+    ILIAS before 7.16 has an Open Redirect
+  reference:
+    - https://packetstormsecurity.com/files/170181/ILIAS-eLearning-7.15-Command-Injection-XSS-LFI-Open-Redirect.html
+    - https://seclists.org/fulldisclosure/2022/Dec/7
+    - https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-ilias-elearning-platform/
+    - https://github.com/advisories/GHSA-hf6q-rx44-fh6j
+  metadata:
+    verified: true
+    shodan-query: http.html:"ILIAS"
+  tags: cve,cve2022,ilias,redirect
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/shib_logout.php?action=logout&return=https://example.com"
+      - "{{BaseURL}}/ilias/shib_logout.php?action=logout&return=https://example.com"
+
+    stop-at-first-match: true
+    matchers:
+      - type: regex
+        part: header
+        regex:
+          - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$'