updated matcher to regex

2024-09-10 14:04:21 +04:00 · 2024-09-10 14:04:21 +04:00 · cbafd06764
parent af674e92c5
commit cbafd06764
1 changed files with 6 additions and 8 deletions
--- a/http/cves/2024/CVE-2024-8517.yaml
+++ b/http/cves/2024/CVE-2024-8517.yaml
@ -1,7 +1,7 @@
 id: CVE-2024-8517

 info:
-  name: SPIP BigUp Plugin - Unauthenticated Remote Code Execution
+  name: SPIP BigUp Plugin - Remote Code Execution
  author: DhiyaneshDk
  severity: critical
  description: |
@ -24,7 +24,7 @@ info:
    max-request: 2
    shodan-query: http.favicon.hash:-1224668706
    fofa-query: "X-Spip-Cache"
-  tags: cve,cve2024,intrusive,spip,unauth
+  tags: cve,cve2024,intrusive,spip,rce

 flow: http(1) && http(2)

@ -54,9 +54,9 @@ http:
        part: body
        group: 1
        name: formulaire
-        internal: true
        regex:
          - name=['"]formulaire_action_args['"]\s*type=['"]hidden['"]\s*value=['"]([^'"]+)['"]
+        internal: true

  - raw:
      - |
@ -105,12 +105,10 @@ http:

    matchers-condition: and
    matchers:
-      - type: word
+      - type: regex
        part: body
-        words:
-          - "uid="
-          - "gid"
-        condition: and
+        regex:
+          - "uid=[0-9]+.*gid=[0-9]+.*"

      - type: status
        status: