id: sitecore-version

info:
  name: Sitecore version detection
  author: bernardofsr
  severity: info
  reference:
    - https://www.cvedetails.com/vulnerability-list/vendor_id-9609/Sitecore.html
  metadata:
    max-request: 1
  tags: sitecore,tech

http:
  - method: GET
    path:
      - "{{BaseURL}}/sitecore/shell/sitecore.version.xml"

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        words:
          - "Sitecore Corporation"
        part: body

    extractors:
      - type: regex
        group: 1
        regex:
          - "<major>([0-9]+)</major>"

      - type: regex
        group: 1
        regex:
          - "<minor>([0-9]+)</minor>"

      - type: regex
        group: 1
        regex:
          - "<build>([0-9]+)</build>"

      - type: regex
        group: 1
        regex:
          - "<revision>([0-9]+)</revision>"

# digest: 4a0a0047304502210088716c595b77a89f541e7eccb401ec7a791f8be721a53410bec7c04ec13dadb70220659bc8c9488c0c78b0bbc20b4c5bcfdd3e90c0bb24342aff2d9439af166bf213:922c64590222798bb761d5b6d8e72950