Merge pull request #7597 from projectdiscovery/CVE-2022-29153-fixed

Fixed CVE-2022-29153
2023-07-02 22:28:45 +05:30 · 2023-07-02 22:28:45 +05:30 · f7b66a72ed
parent fb4a56b984 86657e1304
commit f7b66a72ed
1 changed files with 9 additions and 14 deletions
--- a/http/cves/2022/CVE-2022-29153.yaml
+++ b/http/cves/2022/CVE-2022-29153.yaml
@ -22,24 +22,21 @@ info:
    max-request: 1
    shodan-query: title:"Consul by HashiCorp"
    verified: true
-  tags: cve,cve2022,consul,hashicorp,ssrf
+  tags: cve,cve2022,consul,hashicorp,ssrf,intrusive

 http:
  - raw:
-      - |
+      - | # register safe test node
        PUT /v1/agent/check/register HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

-        {
-         "id": "{{randstr}}",
-         "name": "{{randstr}}",
-         "method": "GET",
-         "http": "/dev/null",
-         "interval": "10s",
-         "timeout": "1s",
-         "disable_redirects": true
-        }
+        {"id":"{{randstr}}","name":"TEST NODE","method":"GET","http":"http://example.com","interval":"10s","timeout":"1s","disable_redirects":true}
+
+      - | # deregister test node
+        PUT /v1/agent/check/deregister/{{randstr}} HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/json

    matchers-condition: and
    matchers:
@ -50,6 +47,4 @@ http:

      - type: status
        status:
-          - 400
-
-# Enhanced by md on 2023/04/07
+          - 400