Auto Update Nuclei [Fri Nov 22 18:28:33 UTC 2024] :robot:

0x727 · Nov 22, 2024 · 02a9efd · 02a9efd
1 parent 5873818
commit 02a9efd
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 4 deletions.
diff --git a/plugins/gradio_project/gradio/gradio-lfi.yaml b/plugins/gradio_project/gradio/gradio-lfi.yaml
@@ -1,11 +1,11 @@
 id: gradio-lfi
 
 info:
-  name: Gradio 3.47 – 3.50.2 - Local File Inclusion
+  name: Gradio 3.47/3.50.2 - Local File Inclusion
   author: nvn1729
   severity: high
   description: |
-    Local file read by calling arbitrary methods of Components class between Gradio versions 3.47 – 3.50.2
+    Local file read by calling arbitrary methods of Components class between Gradio versions 3.47 / 3.50.2
   reference:
     - https://github.com/gradio-app/gradio/commit/24a583688046867ca8b8b02959c441818bdb34a2
     - https://www.horizon3.ai/attack-research/disclosures/exploiting-file-read-vulnerabilities-in-gradio-to-steal-secrets-from-hugging-face-spaces/
@@ -22,7 +22,20 @@ info:
     vendor: gradio_project
   tags: cve,cve2024,intrusive,unauth,gradio,lfi,lfr
 
+flow: http(1) && http(2)
+
 http:
+  - raw:
+      - |
+        GET / HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers:
+      - type: dsl
+        dsl:
+          - 'contains_any(tolower(body), "content=\"gradio", "gradio_mode", "gradio-app", "https://gradio.app")'
+        internal: true
+
   - raw:
       - |
         POST /component_server HTTP/1.1
@@ -64,4 +77,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a0048304602210084e268bcbb7b9a35b5c1948daf05600fa5db9d90d22f05b7bca02ff5cab01d02022100fefb18defe00a340bee9bc96ef55485a5f5602e395cca980c18f9c3b7807a707:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100daa015cd7e5042881b7cee75d127acaefa7791284d40b235a1ff15d8f852c913022014f6f1da56c8c8f8f6ae397a2a00b147eaa7f84a604baf3a0c3f378ed50c4bfb:922c64590222798bb761d5b6d8e72950
diff --git a/plugins/gradio_project/gradio/gradio-ssrf.yaml b/plugins/gradio_project/gradio/gradio-ssrf.yaml
@@ -22,7 +22,20 @@ info:
     vendor: gradio_project
   tags: cve,cve2024,unauth,gradio,ssrf
 
+flow: http(1) && http(2)
+
 http:
+  - raw:
+      - |
+        GET / HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers:
+      - type: dsl
+        dsl:
+          - 'contains_any(tolower(body), "content=\"gradio", "gradio_mode", "gradio-app", "https://gradio.app")'
+        internal: true
+
   - raw:
       - |
         POST /component_server HTTP/1.1
@@ -58,4 +71,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100a57d4c461cd62ed8750d9c45f036bbcc01a6f7fb3c689f903bbb89d289a499ce022100f6abf408f1f3f89b7ec854d6bc298fd3f3d18e9c11680a224cd72ea773545d15:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a004730450220632cf4812e35cb5873b14dfaa6f2c6b0b46f1b066cb37f743893653c7c288364022100e373ac088635bf24e56fc549a461d34f5e6f48c7907a69f07cff242debf4f81e:922c64590222798bb761d5b6d8e72950