daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

🔥 Add CVE-2020-15129

patch-1
Dwi Siswanto 2020-09-15 00:31:40 +07:00
parent d0b47926dc
commit e0f4437cdd
1 changed files with 25 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
cves/CVE-2020-15129.yaml Normal file
View File

@ -0,0 +1,25 @@
id: CVE-2020-15129
info:
name: Open-redirect in Traefik
author: dwisiswant0
severity: medium
description: There exists a potential open redirect vulnerability in Traefik's handling of the X-Forwarded-Prefix header. Active Exploitation of this issue is unlikely as it would require active header injection, however the Traefik team may want to address this issue nonetheless to prevent abuse in e.g. cache poisoning scenarios.
requests:
- method: GET
path:
- "{{BaseURL}}"
- "{{BaseURL}}:8081"
headers:
X-Forwarded-Prefix: "https://foo.nl"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- "<a href=\"https://foo.nl/dashboard/\">Found</a>"
condition: or
part: body