Merge branch 'master' into 1776259684-vpatch-CVE-2026-1603

buixor · web-flow · commit bd128f2df2c1 · 2026-04-17T09:20:34.000+02:00
diff --git a/.appsec-tests/vpatch-CVE-2023-24000/CVE-2023-24000.yaml b/.appsec-tests/vpatch-CVE-2023-24000/CVE-2023-24000.yaml
@@ -0,0 +1,18 @@
+## autogenerated on 2026-03-30 12:50:01
+id: CVE-2023-24000
+info:
+  name: CVE-2023-24000
+  author: crowdsec
+  severity: info
+  description: CVE-2023-24000 testing
+  tags: appsec-testing
+http:
+  - raw:
+      - |
+        GET /wp-json/wp/v2/gamipress-logs?trigger_type[]=test')%20AND%20(SELECT%201%20FROM%20(SELECT(SLEEP(6)))x)%20AND%20('a'='a HTTP/1.1
+        Host: {{Hostname}}
+    cookie-reuse: true
+    matchers:
+    - type: status
+      status:
+       - 403
diff --git a/.appsec-tests/vpatch-CVE-2023-24000/config.yaml b/.appsec-tests/vpatch-CVE-2023-24000/config.yaml
@@ -0,0 +1,5 @@
+## autogenerated on 2026-03-30 12:50:01
+appsec-rules:
+  - ./appsec-rules/crowdsecurity/base-config.yaml
+  - ./appsec-rules/crowdsecurity/vpatch-CVE-2023-24000.yaml
+nuclei_template: CVE-2023-24000.yaml
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -33,9 +33,9 @@ jobs:
           go-version-file: waf-check/go.mod
 
       - name: golangci-lint
-        uses: golangci/golangci-lint-action@4afd733a84b1f43292c63897423277bb7f4313a9 # v8.0.0
+        uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v9.2.0
         with:
-          version: v2.5
+          version: v2.10
           args: --issues-exit-code=1 --timeout 10m
           only-new-issues: false
           working-directory: waf-check
diff --git a/.github/workflows/test_appsec_rules.yaml b/.github/workflows/test_appsec_rules.yaml
@@ -31,7 +31,7 @@ jobs:
       uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
       with:
-        go-version: '1.25'
+        go-version: '1.26'
     - name: Install requirements
       run: |
         sudo apt update
diff --git a/.index.json b/.index.json
diff --git a/appsec-rules/crowdsecurity/vpatch-CVE-2023-24000.yaml b/appsec-rules/crowdsecurity/vpatch-CVE-2023-24000.yaml
@@ -0,0 +1,35 @@
+## autogenerated on 2026-03-30 12:50:01
+name: crowdsecurity/vpatch-CVE-2023-24000
+description: 'Detects SQL injection attempts in WordPress GamiPress plugin via trigger_type[] parameter.'
+rules:
+  - and:
+      - zones:
+          - URI
+        transform:
+          - lowercase
+          - urldecode
+        match:
+          type: contains
+          value: /wp-json/wp/v2/gamipress-logs
+      - zones:
+          - ARGS
+        variables:
+          - trigger_type[]
+        transform:
+          - lowercase
+          - urldecode
+        match:
+          type: regex
+          value: "[^a-z0-9_-]"
+
+labels:
+  type: exploit
+  service: http
+  confidence: 3
+  spoofable: 0
+  behavior: 'http:exploit'
+  label: 'GamiPress - SQLI'
+  classification:
+    - cve.CVE-2023-24000
+    - attack.T1190
+    - cwe.CWE-89
diff --git a/blockers.json b/blockers.json
diff --git a/collections/crowdsecurity/appsec-virtual-patching.yaml b/collections/crowdsecurity/appsec-virtual-patching.yaml
@@ -48,6 +48,7 @@ appsec-rules:
 - crowdsecurity/vpatch-CVE-2024-5057
 - crowdsecurity/vpatch-CVE-2023-35078
 - crowdsecurity/vpatch-CVE-2023-35082
+- crowdsecurity/vpatch-CVE-2023-24000
 - crowdsecurity/vpatch-CVE-2022-22954
 - crowdsecurity/vpatch-CVE-2024-1212
 - crowdsecurity/vpatch-symfony-profiler
diff --git a/collections/crowdsecurity/appsec-wordpress.yaml b/collections/crowdsecurity/appsec-wordpress.yaml
@@ -6,6 +6,7 @@ appsec-rules:
   - crowdsecurity/vpatch-CVE-2023-2009
   - crowdsecurity/vpatch-CVE-2023-23488
   - crowdsecurity/vpatch-CVE-2023-23489
+  - crowdsecurity/vpatch-CVE-2023-24000
   - crowdsecurity/vpatch-CVE-2023-4634
   - crowdsecurity/vpatch-CVE-2023-6360
   - crowdsecurity/vpatch-CVE-2023-6567
diff --git a/taxonomy/scenarios.json b/taxonomy/scenarios.json
@@ -1533,6 +1533,28 @@
       "CWE-266"
     ]
   },
+  "crowdsecurity/vpatch-CVE-2023-24000": {
+    "name": "crowdsecurity/vpatch-CVE-2023-24000",
+    "description": "Detects SQL injection attempts in WordPress GamiPress plugin via trigger_type[] parameter.",
+    "label": "GamiPress - SQLI",
+    "behaviors": [
+      "http:exploit"
+    ],
+    "mitre_attacks": [
+      "TA0001:T1190"
+    ],
+    "confidence": 3,
+    "spoofable": 0,
+    "cti": true,
+    "service": "http",
+    "created_at": "2026-04-15T15:30:00",
+    "cves": [
+      "CVE-2023-24000"
+    ],
+    "cwes": [
+      "CWE-89"
+    ]
+  },
   "crowdsecurity/vpatch-CVE-2023-24489": {
     "name": "crowdsecurity/vpatch-CVE-2023-24489",
     "description": "Citrix ShareFile RCE (CVE-2023-24489)",
diff --git a/waf-check/go.mod b/waf-check/go.mod
@@ -1,5 +1,5 @@
 module waf-check
 
-go 1.25
+go 1.26
 
 require gopkg.in/yaml.v2 v2.4.0
diff --git a/waf-check/request.go b/waf-check/request.go
@@ -52,12 +52,12 @@ func (r *Request) Curl() string {
 	curlCmd.WriteString("curl -X " + r.Method)
 
 	for key, value := range r.Headers {
-		curlCmd.WriteString(fmt.Sprintf(" -H '%s: %s'", key, value))
+		fmt.Fprintf(&curlCmd, " -H '%s: %s'", key, value)
 	}
 	if r.Method == http.MethodPost || r.Method == http.MethodPut {
-		curlCmd.WriteString(fmt.Sprintf(" -d '%s'", r.Data))
+		fmt.Fprintf(&curlCmd, " -d '%s'", r.Data)
 	}
-	curlCmd.WriteString(fmt.Sprintf(" '%s'", r.FullURL))
+	fmt.Fprintf(&curlCmd, " '%s'", r.FullURL)
 
 	return curlCmd.String()
 }
