nachorc87 / vulnerable-web-app


WAF Detection (waf-detect:securesphere) found on https://app-vulnerable2022-imb.herokuapp.com #277

Open github-actions[bot] opened 2 years ago

github-actions[bot] commented 2 years ago

Details: waf-detect:securesphere matched at https://app-vulnerable2022-imb.herokuapp.com

Protocol: HTTP

Full URL: https://app-vulnerable2022-imb.herokuapp.com/

Timestamp: Fri Oct 7 02:49:59 +0000 UTC 2022

Template Information

Name: WAF Detection
Authors: dwisiswant0, lu4nx
Tags: waf, tech, misc
Severity: info
Description: A web application firewall was detected.
CWE-ID: CWE-200
CVSS-Score: 0.00

Request

POST / HTTP/1.1
Host: app-vulnerable2022-imb.herokuapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.137 Safari/4E423F
Connection: close
Content-Length: 27
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip

_=<script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Connection: close
Content-Length: 140
Content-Security-Policy: default-src 'none'
Content-Type: text/html; charset=utf-8
Date: Fri, 07 Oct 2022 02:49:59 GMT
Server: Cowboy
Set-Cookie: sid=s%3ALGOXHd0DnsNqa9Ogbgi-nwJaesSRTELu.Ufl7AcCWUXpCUI6e5qjBFURsNp5%2FqGNowT63uqXoFio; Path=/; Expires=Sat, 08 Oct 2022 02:49:59 GMT
Via: 1.1 vegur
X-Content-Type-Options: nosniff
X-Powered-By: Express

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot POST /</pre>
</body>
</html>

References:

CURL Command

curl -X 'POST' -d '_=<script>alert(1)</script>' -H 'Content-Type: application/x-www-form-urlencoded' -H 'Host: app-vulnerable2022-imb.herokuapp.com' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.137 Safari/4E423F' 'https://app-vulnerable2022-imb.herokuapp.com/'

Generated by Nuclei 2.7.7