metadata

http/cves/2005/CVE-2005-3634.yaml

@@ -1,11 +1,11 @@
 id: CVE-2005-3634
 
 info:
-  name: BSP runtime in SAP Web Application Server (WAS) v6.10 through v7.00 - Open Redirect
+  name: SAP Web Application Server 6.x/7.0 - Open Redirection
   author: ctflearner
   severity: medium
   description: |
-    .frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter.
+    frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter.
   reference:
     - https://www.exploit-db.com/exploits/26488
     - https://nvd.nist.gov/vuln/detail/CVE-2005-3634
@@ -19,15 +19,18 @@ info:
     cve-id: CVE-2005-3634
     cwe-id: NVD-CWE-Other
     cpe: cpe:2.3:a:sap:sap_web_application_server:7.0:*:*:*:*:*:*:*
-  tags: cve,cve2005,sap,redirect,was
+  metadata:
+    max-request: 1
+    shodan-query: html:"SAP Business Server Pages Team"
+  tags: cve,cve2005,sap,redirect,business
 
 http:
   - method: GET
     path:
-      - "{{BaseURL}}/sap/bc/BSp/sap/menu/fameset.htm?sap--essioncmd=close&sapexiturl=http%3a%2f%2fwww.evil.com"
+      - "{{BaseURL}}/sap/bc/BSp/sap/menu/fameset.htm?sap--essioncmd=close&sapexiturl=https%3a%2f%2finteract.sh"
 
     matchers:
       - type: regex
         part: header
         regex:
-          - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)evil\.com\/?(\/|[^.].*)?$'
+          - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$'