id: CVE-2009-0347

info:
  name: Autonomy Ultraseek - Open Redirect
  author: ctflearner
  severity: medium
  description: |
    Open redirect vulnerability in cs.html in the Autonomy (formerly Verity) Ultraseek search engine allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter.
  remediation: |
    Apply the vendor-supplied patch or upgrade to a newer version of Autonomy Ultraseek that addresses the open redirect vulnerability.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2009-0347
    - https://www.exploit-db.com/exploits/32766
    - https://www.kb.cert.org/vuls/id/202753
    - https://exchange.xforce.ibmcloud.com/vulnerabilities/48336
    - http://sunbeltblog.blogspot.com/2009/01/constant-stream-of-ultraseek-redirects.html
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:P
    cvss-score: 5.8
    cve-id: CVE-2009-0347
    cwe-id: CWE-59
    epss-score: 0.10982
    epss-percentile: 0.94502
    cpe: cpe:2.3:a:autonomy:ultraseek:_nil_:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: autonomy
    product: ultraseek
  tags: cve,cve2009,redirect,autonomy

http:
  - method: GET
    path:
      - "{{BaseURL}}/cs.html?url=http://www.interact.sh"

    matchers:
      - type: regex
        part: header
        regex:
          - '(?m)^(?:Location\s*?:\s*?)(?:http?://|//)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'

# digest: 4b0a00483046022100a4fb3f1f26e87549a0346537c99aac620c444f3b5891bab7a6d3afe485bc1275022100bf9e4887170099ded1d09e00598d4198eeeac39adfd93f6b4062a183ddedbdff:922c64590222798bb761d5b6d8e72950