Skip to content
Nuclei Templates

unilogies/bumsys < v2.0.2 - Clickjacking

ID: CVE-2023-1362

Severity: medium

Author: ctflearner

Tags: cve,cve2023,bumsys,clickjacking,huntr,bumsys_project

Description

Section titled “Description”

This template checks for the presence of clickjacking prevention headers in the HTTP response, aiming to identify vulnerabilities related to the improper restriction of rendered UI layers or frames in the GitHub repository unilogies/bumsys prior to version 2.0.2.

YAML Source

Section titled “YAML Source”
id: CVE-2023-1362


info:
  name: unilogies/bumsys < v2.0.2 - Clickjacking
  author: ctflearner
  severity: medium
  description: |
    This template checks for the presence of clickjacking prevention headers in the HTTP response, aiming to identify vulnerabilities related to the improper restriction of rendered UI layers or frames in the GitHub repository unilogies/bumsys prior to version 2.0.2.
  impact: |
    An attacker can trick users into performing unintended actions on the vulnerable application.
  remediation: |
    Upgrade to version 2.0.2 or later to mitigate the Clickjacking vulnerability.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2023-1362
    - https://huntr.dev/bounties/e5959166-c8ef-4ada-9bb1-0ff5a9693bac/
    - https://github.com/unilogies/bumsys/commit/8c5b27d54707f9805b27ef26ad741f2801e30e1f
    - https://github.com/ctflearner/ctflearner
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2023-1362
    cwe-id: CWE-1021
    epss-score: 0.00134
    epss-percentile: 0.48533
    cpe: cpe:2.3:a:bumsys_project:bumsys:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: bumsys_project
    product: bumsys
  tags: cve,cve2023,bumsys,clickjacking,huntr,bumsys_project


http:
  - method: GET
    path:
      - "{{BaseURL}}"


    matchers:
      - type: dsl
        dsl:
          - "status_code_1 == 200"
          - "!regex('X-Frame-Options', header)"
          - "contains(body, 'BUM</b>Sys</a>')"
        condition: and
# digest: 490a0046304402200b56a5d435421c4fb326367dc89aa3206cd77990538bf6987e88728f0042e83b0220582999644075eb37b448a935092ea1dc9be959001067ef47f2c48163b2b3e841:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2023/CVE-2023-1362.yaml"

View on Github