From 02a9efdb9d904f5b49b26fcf2b3f92e7ca5f2503 Mon Sep 17 00:00:00 2001
From: GitHub Action
Date: Fri, 22 Nov 2024 18:28:33 +0000
Subject: [PATCH] Auto Update Nuclei [Fri Nov 22 18:28:33 UTC 2024] :robot:
---
 plugins/gradio_project/gradio/gradio-lfi.yaml | 19 ++++++++++++++++---
 .../gradio_project/gradio/gradio-ssrf.yaml | 15 ++++++++++++++-
 2 files changed, 30 insertions(+), 4 deletions(-)
diff --git a/plugins/gradio_project/gradio/gradio-lfi.yaml b/plugins/gradio_project/gradio/gradio-lfi.yaml
index 1177ebaa7..f33812955 100644
--- a/plugins/gradio_project/gradio/gradio-lfi.yaml
+++ b/plugins/gradio_project/gradio/gradio-lfi.yaml
@@ -1,11 +1,11 @@
 id: gradio-lfi
 info:
- name: Gradio 3.47 – 3.50.2 - Local File Inclusion
+ name: Gradio 3.47/3.50.2 - Local File Inclusion
 author: nvn1729
 severity: high
 description: |
- Local file read by calling arbitrary methods of Components class between Gradio versions 3.47 – 3.50.2
+ Local file read by calling arbitrary methods of Components class between Gradio versions 3.47 / 3.50.2
 reference:
 - https://github.com/gradio-app/gradio/commit/24a583688046867ca8b8b02959c441818bdb34a2
 - https://www.horizon3.ai/attack-research/disclosures/exploiting-file-read-vulnerabilities-in-gradio-to-steal-secrets-from-hugging-face-spaces/
@@ -22,7 +22,20 @@ info:
 vendor: gradio_project
 tags: cve,cve2024,intrusive,unauth,gradio,lfi,lfr
+flow: http(1) && http(2)
+
 http:
+ - raw:
+ - |
+ GET / HTTP/1.1
+ Host: {{Hostname}}
+
+ matchers:
+ - type: dsl
+ dsl:
+ - 'contains_any(tolower(body), "content=\"gradio", "gradio_mode", "gradio-app", "https://gradio.app")'
+ internal: true
+
 - raw:
 - |
 POST /component_server HTTP/1.1
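Review bot: The new title and description in the first hunk of gradio-lfi.yaml give the affected versions as `3.47/3.50.2` and `3.47 / 3.50.2`, which reads as two separate releases rather than the range the old en-dash wording expressed. Someone triaging a finding from the scanner output could conclude that releases between the two are unaffected. If the aim was only to drop the non-ASCII dash, `name: Gradio 3.47 to 3.50.2 - Local File Inclusion` and `... between Gradio versions 3.47 and 3.50.2` keep the meaning.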
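Review bot: The new `flow: http(1) && http(2)` gate in the `@@ -22,7 +22,20 @@` hunk means the `/component_server` probe is never sent unless the body of `GET /` contains one of four Gradio strings, so a host whose root answers with a redirect, a login page or a customised front end is reported clean without being tested. For a check rated `severity: high`, that turns a fingerprint miss into a silent false negative. Letting the fingerprint request follow same-host redirects would cover the commonest case: add `host-redirects: true` and `max-redirects: 2` to the first `- raw:` entry. The same block is added to gradio-ssrf.yaml in its own `@@ -22,7 +22,20 @@` hunk and needs the same change; because both files end in a `# digest:` signature line, the edit presumably has to be made where the templates are signed rather than in this copy. The second request's body and matchers lie outside the hunk.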
@@ -64,4 +77,4 @@ http:
 - type: status
 status:
 - 200
-# digest: 4b0a0048304602210084e268bcbb7b9a35b5c1948daf05600fa5db9d90d22f05b7bca02ff5cab01d02022100fefb18defe00a340bee9bc96ef55485a5f5602e395cca980c18f9c3b7807a707:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100daa015cd7e5042881b7cee75d127acaefa7791284d40b235a1ff15d8f852c913022014f6f1da56c8c8f8f6ae397a2a00b147eaa7f84a604baf3a0c3f378ed50c4bfb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/plugins/gradio_project/gradio/gradio-ssrf.yaml b/plugins/gradio_project/gradio/gradio-ssrf.yaml
index c6066bc9e..332c6965c 100644
--- a/plugins/gradio_project/gradio/gradio-ssrf.yaml
+++ b/plugins/gradio_project/gradio/gradio-ssrf.yaml
@@ -22,7 +22,20 @@ info:
 vendor: gradio_project
 tags: cve,cve2024,unauth,gradio,ssrf
+flow: http(1) && http(2)
+
 http:
+ - raw:
+ - |
+ GET / HTTP/1.1
+ Host: {{Hostname}}
+
+ matchers:
+ - type: dsl
+ dsl:
+ - 'contains_any(tolower(body), "content=\"gradio", "gradio_mode", "gradio-app", "https://gradio.app")'
+ internal: true
+
 - raw:
 - |
 POST /component_server HTTP/1.1
@@ -58,4 +71,4 @@ http:
 - type: status
 status:
 - 200
-# digest: 4b0a00483046022100a57d4c461cd62ed8750d9c45f036bbcc01a6f7fb3c689f903bbb89d289a499ce022100f6abf408f1f3f89b7ec854d6bc298fd3f3d18e9c11680a224cd72ea773545d15:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220632cf4812e35cb5873b14dfaa6f2c6b0b46f1b066cb37f743893653c7c288364022100e373ac088635bf24e56fc549a461d34f5e6f48c7907a69f07cff242debf4f81e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file