Update community/detectors/joomla_cve_2023_23752/src/main/java/com/go…

…ogle/tsunami/plugins/detectors/cves/cve202323752/Cve202323752VulnDetector.java Co-authored-by: Savio Sisco <[email protected]>
google · Nov 22, 2024 · 230203d · 230203d
1 parent c2bad80
commit 230203d
Showing 1 changed file with 20 additions and 12 deletions.
diff --git a/...java/com/google/tsunami/plugins/detectors/cves/cve202323752/Cve202323752VulnDetector.java b/...java/com/google/tsunami/plugins/detectors/cves/cve202323752/Cve202323752VulnDetector.java
@@ -134,19 +134,27 @@ private boolean isServiceVulnerable(NetworkService networkService) {
         return false;
       }
 
-      // check for body values match our detection rules
-      if (appConfHttpResponse.bodyString().get().contains("password")
-          && appConfHttpResponse.bodyString().get().contains("user")) {
+      // Check if body values match our detection rules
+      if (!appConfHttpResponse.bodyString().get().contains("password")
+              || !appConfHttpResponse.bodyString().get().contains("user")) {
+        return false;
+      }
+
+      // Check if body is JSON
+      if (appConfHttpResponse.bodyJson().isEmpty()) {
+        return false;
+      }
+
+      JsonObject jsonResponse = appConfHttpResponse.bodyJson().get().getAsJsonObject();
+      if (!jsonResponse.has("data")) {
+        return false;
+      }
 
-        JsonObject jsonResponse = (JsonObject) appConfHttpResponse.bodyJson().get();
-        if (jsonResponse.keySet().contains("data")) {
-          JsonArray jsonArray = jsonResponse.getAsJsonArray("data");
-          for (int i = 0; i < jsonArray.size(); i++) {
-            if (jsonArray.get(i).getAsJsonObject().keySet().contains("attributes")) {
-              exposedConfig = appConfHttpResponse.bodyString().get();
-              return true;
-            }
-          }
+      JsonArray jsonArray = jsonResponse.getAsJsonArray("data");
+      for (int i = 0; i < jsonArray.size(); i++) {
+        if (jsonArray.get(i).getAsJsonObject().has("attributes")) {
+          exposedConfig = appConfHttpResponse.bodyString().get();
+          return true;
         }
       }
     } catch (NoSuchElementException | IllegalStateException | JsonSyntaxException e) {