SSRF FP Fix (#4670)

* Update CVE-2021-27748.yaml * Update CVE-2021-22873.yaml * Update interactsh-server.yaml * misc fixes * Update CVE-2021-27748.yaml Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-06-28 04:45:56 +05:30 · 2022-06-28 04:45:56 +05:30 · ba8ae02d24
parent c6b69722bc
commit ba8ae02d24
4 changed files with 27 additions and 17 deletions
--- a/cves/2021/CVE-2021-22054.yaml
+++ b/cves/2021/CVE-2021-22054.yaml
@ -31,4 +31,4 @@ requests:

      - type: word
        words:
-          - "<h1> Interactsh Server </h1>"
+          - "Interactsh Server"
--- a/cves/2021/CVE-2021-22873.yaml
+++ b/cves/2021/CVE-2021-22873.yaml
@ -15,7 +15,10 @@ info:
    cvss-score: 6.1
    cve-id: CVE-2021-22873
    cwe-id: CWE-601
-  tags: cve,cve2021,redirect
+  metadata:
+    verified: true
+    shodan-query: http.favicon.hash:106844876
+  tags: cve,cve2021,redirect,revive

 requests:
  - method: GET
@ -30,12 +33,8 @@ requests:
    stop-at-first-match: true
    redirects: true
    max-redirects: 2
-    matchers-condition: and
    matchers:
-      - type: status
-        status:
-          - 200
-      - type: word
-        words:
-          - "<h1> Interactsh Server </h1>"
-        part: body
+      - type: regex
+        part: header
+        regex:
+          - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
--- a/cves/2021/CVE-2021-27748.yaml
+++ b/cves/2021/CVE-2021-27748.yaml
@ -11,6 +11,9 @@ info:
    - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095665
  classification:
    cve-id: CVE-2021-27748
+  metadata:
+    verified: true
+    shodan-query: http.html:"IBM WebSphere Portal"
  tags: cve,cve2021,hcl,ibm,ssrf,websphere

 requests:
@ -24,10 +27,10 @@ requests:
    stop-at-first-match: true
    matchers-condition: and
    matchers:
-      - type: status
-        status:
-          - 200
-
      - type: word
        words:
-          - "<h1> Interactsh Server </h1>"
+          - "Interactsh Server"
+
+      - type: status
+        status:
+          - 200
--- a/technologies/interactsh-server.yaml
+++ b/technologies/interactsh-server.yaml
@ -4,6 +4,9 @@ info:
  name: Interactsh Server
  author: pdteam
  severity: info
+  metadata:
+    verified: true
+    shodan-query: http.html:"Interactsh Server"
  tags: tech,interactsh

 requests:
@ -11,14 +14,19 @@ requests:
    path:
      - "{{BaseURL}}"

+    matchers-condition: and
    matchers:
      - type: word
        words:
-          - "<h1> Interactsh Server </h1>"
+          - "Interactsh Server"
+
+      - type: status
+        status:
+          - 200

    extractors:
      - type: regex
        group: 1
        regex:
          - '<b>(.*)<\/b> server'
-          - 'from <b>(.*)<\/b>'
+          - 'from <b>(.*)<\/b>'