daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

updated matcher to regex

patch-11
Ritik Chaddha 2024-09-10 14:04:21 +04:00 committed by GitHub
parent af674e92c5
commit cbafd06764
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 6 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
http/cves/2024/CVE-2024-8517.yaml
View File

@ -1,7 +1,7 @@
id: CVE-2024-8517 id: CVE-2024-8517
info: info:
name: SPIP BigUp Plugin - Unauthenticated Remote Code Execution name: SPIP BigUp Plugin - Remote Code Execution
author: DhiyaneshDk author: DhiyaneshDk
severity: critical severity: critical
description: | description: |
@ -24,7 +24,7 @@ info:
max-request: 2 max-request: 2
shodan-query: http.favicon.hash:-1224668706 shodan-query: http.favicon.hash:-1224668706
fofa-query: "X-Spip-Cache" fofa-query: "X-Spip-Cache"
tags: cve,cve2024,intrusive,spip,unauth tags: cve,cve2024,intrusive,spip,rce
flow: http(1) && http(2) flow: http(1) && http(2)
@ -54,9 +54,9 @@ http:
part: body part: body
group: 1 group: 1
name: formulaire name: formulaire
internal: true
regex: regex:
- name=['"]formulaire_action_args['"]\s*type=['"]hidden['"]\s*value=['"]([^'"]+)['"] - name=['"]formulaire_action_args['"]\s*type=['"]hidden['"]\s*value=['"]([^'"]+)['"]
internal: true
- raw: - raw:
- | - |
@ -105,12 +105,10 @@ http:
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: word - type: regex
part: body part: body
words: regex:
- "uid=" - "uid=[0-9]+.*gid=[0-9]+.*"
- "gid"
condition: and
- type: status - type: status
status: status: