From 5397ebda38269824ea4340194cc4a97b7497ff6f Mon Sep 17 00:00:00 2001 From: Roberto Nunes <46332131+Akokonunes@users.noreply.github.com> Date: Sun, 18 Sep 2022 18:08:35 +0900 Subject: [PATCH 1/2] Create CVE-2015-2863.yaml --- CVE-2015-2863.yaml | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 CVE-2015-2863.yaml diff --git a/CVE-2015-2863.yaml b/CVE-2015-2863.yaml new file mode 100644 index 0000000000..76ebce3df4 --- /dev/null +++ b/CVE-2015-2863.yaml @@ -0,0 +1,28 @@ +id: CVE-2015-2863 + +info: + name: Kaseya Virtual System Administrator - Open Redirect + author: 0x_Akoko + severity: low + description: Open redirect vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. + reference: + - https://github.com/pedrib/PoC/blob/3f927b957b86a91ce65b017c4b9c93d05e241592/advisories/Kaseya/kaseya-vsa-vuln.txt + - https://www.cvedetails.com/cve/CVE-2015-2863 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2015-2863 + cwe-id: CWE-601 + tags: cve,cve2015,redirect,kaseya + +requests: + - method: GET + path: + - '{{BaseURL}}/inc/supportLoad.asp?urlToLoad=http://example.com' + - '{{BaseURL}}/vsaPres/Web20/core/LocalProxy.ashx?url=http://example.com' + + matchers: + - type: regex + part: header + regex: + - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1 From 63a03c75cf6521a7f8a591583422a432ceaddd02 Mon Sep 17 00:00:00 2001 From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com> Date: Tue, 14 Mar 2023 14:31:20 +0530 Subject: [PATCH 2/2] Update and rename CVE-2015-2863.yaml to cves/2015/CVE-2015-2863.yaml --- CVE-2015-2863.yaml => cves/2015/CVE-2015-2863.yaml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) rename CVE-2015-2863.yaml => cves/2015/CVE-2015-2863.yaml (59%) diff --git a/CVE-2015-2863.yaml b/cves/2015/CVE-2015-2863.yaml similarity index 59% rename from CVE-2015-2863.yaml rename to cves/2015/CVE-2015-2863.yaml index 76ebce3df4..df0469af47 100644 --- a/CVE-2015-2863.yaml +++ b/cves/2015/CVE-2015-2863.yaml @@ -4,7 +4,8 @@ info: name: Kaseya Virtual System Administrator - Open Redirect author: 0x_Akoko severity: low - description: Open redirect vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. + description: | + Open redirect vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. reference: - https://github.com/pedrib/PoC/blob/3f927b957b86a91ce65b017c4b9c93d05e241592/advisories/Kaseya/kaseya-vsa-vuln.txt - https://www.cvedetails.com/cve/CVE-2015-2863 @@ -18,11 +19,12 @@ info: requests: - method: GET path: - - '{{BaseURL}}/inc/supportLoad.asp?urlToLoad=http://example.com' - - '{{BaseURL}}/vsaPres/Web20/core/LocalProxy.ashx?url=http://example.com' + - '{{BaseURL}}/inc/supportLoad.asp?urlToLoad=http://oast.me' + - '{{BaseURL}}/vsaPres/Web20/core/LocalProxy.ashx?url=http://oast.me' + stop-at-first-match: true matchers: - type: regex part: header regex: - - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1 + - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)oast\.me\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1