Update CVE-2022-43015.yaml
parent
5955a1e693
commit
f3c6ac7731
|
@ -8,7 +8,11 @@ info:
|
||||||
OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the entriesPerPage parameter.
|
OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the entriesPerPage parameter.
|
||||||
reference:
|
reference:
|
||||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43015
|
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43015
|
||||||
tags: xss,cve,2022
|
- https://github.com/hansmach1ne/opencats_zero-days/blob/main/XSS_in_entriesPerPage.md
|
||||||
|
metadata:
|
||||||
|
verified: true
|
||||||
|
shodan-query: title:"OpenCATS"
|
||||||
|
tags: cve,cve2022,xss,opencats
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- raw:
|
- raw:
|
||||||
|
@ -28,10 +32,18 @@ requests:
|
||||||
cookie-reuse: true
|
cookie-reuse: true
|
||||||
matchers-condition: and
|
matchers-condition: and
|
||||||
matchers:
|
matchers:
|
||||||
|
- type: word
|
||||||
|
part: body
|
||||||
|
words:
|
||||||
|
- '<script>alert(document.domain)</script>'
|
||||||
|
- 'CATS='
|
||||||
|
condition: and
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
part: header
|
||||||
|
words:
|
||||||
|
- "text/html"
|
||||||
|
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
- type: word
|
|
||||||
words:
|
|
||||||
- '<script>alert(document.cookie)</script>'
|
|
||||||
|
|
Loading…
Reference in New Issue