28 lines
861 B
YAML
28 lines
861 B
YAML
id: lottie-backdoor
|
|
|
|
info:
|
|
name: Lottie Player - Backdoor
|
|
author: nagli-wiz
|
|
severity: critical
|
|
description: |
|
|
Detectes vulnerable compormised version of lottie-player JS Library that were compormised with a Web3 wallet pop-up backdoor.
|
|
reference:
|
|
- https://github.com/LottieFiles/lottie-player/issues/254
|
|
- https://x.com/galnagli/status/1851779972639363076
|
|
tags: cdn,lottie-player,backdoor,malware
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}"
|
|
|
|
redirects: true
|
|
max-redirects: 1
|
|
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- 'lottie-player@2.0.5'
|
|
- 'lottie-player@2.0.6'
|
|
- 'lottie-player@2.0.7'
|
|
# digest: 490a0046304402207bb2217468083778041c214e55efe110e6a69927b86ab8b0fc0953e6ac0ca28c022055af8f186cc52f061b0086cfb9f9d6cded0a1cf44b2b7fd0e0dcc5d664422813:922c64590222798bb761d5b6d8e72950 |