id: CVE-2024-10908

info:
  name: FastChat - Open Redirect
  author: DhiyaneshDK
  severity: medium
  description: |
    Detects an open redirect vulnerability in lm-sys/fastchat version 0.2.36, which allows attackers to redirect users to malicious URLs.
  impact: |
    Unauthenticated attackers can redirect users to malicious URLs, potentially facilitating phishing attacks or credential harvesting.
  remediation: |
    Update FastChat to a version newer than 0.2.36.
  reference:
    - https://huntr.com/bounties/61f5e725-5579-4d08-8a88-e4ba04e6d1f2
  classification:
    epss-score: 0.01186
    epss-percentile: 0.79283
  metadata:
    shodan-query: html:"Chatbot Arena"
    verified: true
    max-request: 1
  tags: cve,cve2024,fastchat,redirect,oss,chatbot,areana,vuln

flow: http(1) && http(2)

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers:
      - type: dsl
        dsl:
          - 'contains_any(body,"lm-sys/FastChat/")'
        internal: true

  - method: GET
    path:
      - "{{BaseURL}}/file=https://interact.sh"

    matchers:
      - type: regex
        part: header
        regex:
          - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
# digest: 4a0a0047304502203001361e827da9fe471929f47987f6c40cc18054d7b8f3c74cbcffcf4c26f6e9022100d16fd2428b8017908ab969698e8089b4629ef8e4cfd9ea0de026e5b3acf072f1:922c64590222798bb761d5b6d8e72950