Update dns-rebinding.yaml
parent
0101076c74
commit
a191f7b00d
|
@ -1,5 +1,4 @@
|
|||
id: dns-rebinding
|
||||
|
||||
id: CVE-2023-29084
|
||||
info:
|
||||
name: DNS Rebinding Attack
|
||||
author: ricardomaia
|
||||
|
@ -20,7 +19,7 @@ dns:
|
|||
- type: regex
|
||||
part: answer
|
||||
regex:
|
||||
- 'IN.*A.(\s)*(127\.0\.0\.1|10\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.(1[6-9]|2\d|3[0-1])\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3})(127\.0\.0\.1|\b10\.\d{1,3}\.\d{1,3}\.\d{1,3}\b|172\.(1[6-9]|2\d|3[0-1])\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3})$'
|
||||
- 'IN\s+A\s+(127\.0\.0\.1|10\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.(1[6-9]|2\d|3[0-1])\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3})$'
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
|
@ -28,7 +27,7 @@ dns:
|
|||
name: IPv4
|
||||
group: 1
|
||||
regex:
|
||||
- 'IN.*A.(\s)*(127\.0\.0\.1|10\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.(1[6-9]|2\d|3[0-1])\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3})(127\.0\.0\.1|\b10\.\d{1,3}\.\d{1,3}\.\d{1,3}\b|172\.(1[6-9]|2\d|3[0-1])\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3})'
|
||||
- 'IN\s+A\s+(127\.0\.0\.1|10\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.(1[6-9]|2\d|3[0-1])\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3})'
|
||||
|
||||
- name: "{{FQDN}}"
|
||||
type: AAAA
|
||||
|
@ -37,7 +36,7 @@ dns:
|
|||
- type: regex
|
||||
part: answer
|
||||
regex:
|
||||
- "^IN\\s+AAAA\\s+(fd[0-9a-fA-F]{2}(:[0-9a-fA-F]{0,4}){0,7})"
|
||||
- "IN\\s+AAAA\\s+(fd[0-9a-fA-F]{2}(:[0-9a-fA-F]{0,4}){0,7})"
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
|
@ -45,6 +44,4 @@ dns:
|
|||
name: IPv6_ULA
|
||||
group: 1
|
||||
regex:
|
||||
- "^IN\\s+AAAA\\s+(fd[0-9a-fA-F]{2}(:[0-9a-fA-F]{0,4}){0,7})"
|
||||
|
||||
# digest: 4a0a004730450221009a895344f0f4bf8d0444566a7a2392d2074708d88d29a0922ebb71935290785702200a338fe1517c225d45750b08f80f3a903cd5925a32c542b5559f0202173732be:922c64590222798bb761d5b6d8e72950
|
||||
- "IN\\s+AAAA\\s+(fd[0-9a-fA-F]{2}(:[0-9a-fA-F]{0,4}){0,7})"
|
||||
|
|
Loading…
Reference in New Issue