Skip to content

New module for CVE 2026 27176 #1599

Open
Aarush289 wants to merge 23 commits into
OWASP:masterfrom
Aarush289:CVE-2026-27176
Open

New module for CVE 2026 27176 #1599
Aarush289 wants to merge 23 commits into
OWASP:masterfrom
Aarush289:CVE-2026-27176

Conversation

@Aarush289

Copy link
Copy Markdown
Contributor

Proposed change

Adds a Nettacker module for detecting CVE-2026-27176 in affected targets
Fixes #1568

Tested against local server
image

Type of change

  • New core framework functionality
  • Bugfix (non-breaking change that fixes an issue)
  • Code refactoring without any functionality changes
  • New or existing module/payload change
  • Documentation/localization improvement
  • Test coverage improvement
  • Dependency upgrade
  • Other improvement (best practice, cleanup, optimization, etc)

Checklist

  • I've followed the contributing guidelines
  • I've digitally signed all my commits in this PR
  • I've run make pre-commit and confirm it didn't generate any warnings/changes
  • I've run make test and I confirm all tests passed locally
  • I've added/updated any relevant documentation in the docs/ folder
  • I've linked this PR with an open issue
  • I've tested and verified that my code works as intended and resolves the issue as described
  • I've attached screenshots demonstrating that my code works as intended (if applicable)
  • I've checked all other open PRs to avoid submitting duplicate work
  • I confirm that the code and comments in this PR are not direct unreviewed outputs of AI
  • I confirm that I am the Sole Responsible Author for every line of code, comment, and design decision

@coderabbitai

coderabbitai Bot commented Jun 23, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: ccf0a5dc-efa6-46aa-9848-cba4a304a1ed

📥 Commits

Reviewing files that changed from the base of the PR and between 0f63d8c and 3a27479.

📒 Files selected for processing (1)
  • nettacker/modules/vuln/majordomo_xss_cve_2026_27176.yaml
🚧 Files skipped from review as they are similar to previous changes (1)
  • nettacker/modules/vuln/majordomo_xss_cve_2026_27176.yaml

Summary by CodeRabbit

  • New Features
    • Added a new vulnerability check for a reflected cross-site scripting issue in Majordomo-related targets.
    • Expanded the module list documentation to include the new vulnerability test entry.

Walkthrough

Adds a new Nettacker vulnerability module for MajorDoMo reflected XSS (CVE-2026-27176). The module defines an HTTP GET request to command.php with a crafted qry parameter and validates the reflected payload via status, content-type, and regex checks. The module is also registered in docs/Modules.md.

Changes

MajorDoMo XSS CVE-2026-27176 Module

Layer / File(s) Summary
Vulnerability YAML definition and module docs registration
nettacker/modules/vuln/majordomo_xss_cve_2026_27176.yaml, docs/Modules.md
Introduces the complete YAML module (majordomo_xss_cve_2026_27176_vuln) with severity/description/reference metadata, an HTTP GET payload targeting command.php?qry= with a reflected XSS string, and response predicates requiring HTTP 200, Content-Type: text/html, and regex matches on the injected <img ... onerror=alert(document.domain)> fragment. Adds the corresponding bullet entry to the Vuln Modules list in docs/Modules.md.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested labels

new module

Suggested reviewers

  • arkid15r
  • securestep9
🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title is concise and matches the main change: adding a new module for CVE-2026-27176.
Description check ✅ Passed The description clearly states the PR adds a Nettacker module for detecting CVE-2026-27176 and links issue #1568.
Linked Issues check ✅ Passed The module targets command.php with a crafted qry payload and matching logic for reflected XSS, which aligns with #1568.
Out of Scope Changes check ✅ Passed The changes are limited to the new module and its documentation, with no obvious unrelated additions.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@nettacker/modules/vuln/majordomo_xss_cve_2026_27176.yaml`:
- Line 55: In the regex pattern for the reflected-XSS vulnerability check, the
parentheses in the payload string `alert(document.domain)` are being interpreted
as regex metacharacters rather than literal characters. Escape these parentheses
by adding backslashes before the opening parenthesis of `alert(` and the closing
parenthesis after `domain` so that the regex treats them as literal characters
to match in the response, ensuring the vulnerability detection does not miss
vulnerable payloads.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: f1cd7362-7408-4d53-99dd-1ed274906b11

📥 Commits

Reviewing files that changed from the base of the PR and between 81328dd and f708d01.

📒 Files selected for processing (2)
  • docs/Modules.md
  • nettacker/modules/vuln/majordomo_xss_cve_2026_27176.yaml

Comment thread nettacker/modules/vuln/majordomo_xss_cve_2026_27176.yaml Outdated
@securestep9

Copy link
Copy Markdown
Collaborator

@coderabbitai review

@coderabbitai

coderabbitai Bot commented Jun 25, 2026

Copy link
Copy Markdown
Contributor
✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@securestep9

Copy link
Copy Markdown
Collaborator

@Aarush289 please test the module properly and validate the regex - my tests against the vulnerable server are failing(this module is not detecting the XSS which is definitely there). Please also consider working on another CVE in the same software CVE-2026-27174 (RCE)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[Module-request] CVE-2026-27176

2 participants