nuclei-templates/dast/vulnerabilities/xss/reflected-xss.yaml

id: reflected-xss

info:
  name: Reflected Cross-Site Scripting
  author: pdteam,0xKayala,AmirHossein Raeisi
  severity: medium
  metadata:
    max-request: 1
  tags: xss,rxss,dast

variables:
  first: "{{rand_int(10000, 99999)}}"

http:
  - pre-condition:
      - type: dsl
        dsl:
          - 'method == "GET"'

    payloads:
      reflection:
        - "'\"><{{first}}>"
        - "'><{{first}}>"
        - "\"><{{first}}>"

    fuzzing:
      - part: query
        type: postfix
        mode: single
        fuzz:
          - "{{reflection}}"

      - part: path
        type: postfix
        mode: single
        fuzz:
          - "{{reflection}}"

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "{{reflection}}"

      - type: word
        part: header
        words:
          - "text/html"
# digest: 490a004630440220696413c6614ef961424a2b74cbbcb1385b62bc10279e9170fe528b8dc40c23fc0220375e3a090facd6e1d59817f7caacba45f49f7fb7fd450525cfa90ae5d3882649:922c64590222798bb761d5b6d8e72950
Added fuzzing templates 2024-03-16 18:44:49 +00:00			`id: reflected-xss`

			`info:`
lint fix 2024-06-05 07:21:31 +00:00			`name: Reflected Cross-Site Scripting`
space fix 2024-07-24 08:51:03 +00:00			`author: pdteam,0xKayala,AmirHossein Raeisi`
Added fuzzing templates 2024-03-16 18:44:49 +00:00			`severity: medium`
TemplateMan Update [Fri Jun 7 10:04:28 UTC 2024] :robot: 2024-06-07 10:04:29 +00:00			`metadata:`
			`max-request: 1`
misc update 2024-03-23 09:32:51 +00:00			`tags: xss,rxss,dast`
Added fuzzing templates 2024-03-16 18:44:49 +00:00
			`variables:`
			`first: "{{rand_int(10000, 99999)}}"`

			`http:`
format update 2024-03-31 19:55:42 +00:00			`- pre-condition:`
Added applicable filters 2024-03-26 07:21:56 +00:00			`- type: dsl`
			`dsl:`
			`- 'method == "GET"'`
Added fuzzing templates 2024-03-16 18:44:49 +00:00
			`payloads:`
			`reflection:`
updated payloads 2024-06-14 13:37:34 +00:00			`- "'\"><{{first}}>"`
			`- "'><{{first}}>"`
			`- "\"><{{first}}>"`
Added fuzzing templates 2024-03-16 18:44:49 +00:00
			`fuzzing:`
			`- part: query`
			`type: postfix`
			`mode: single`
			`fuzz:`
			`- "{{reflection}}"`

Update reflected-xss.yaml 2024-07-22 18:59:14 +00:00			`- part: path`
			`type: postfix`
			`mode: single`
			`fuzz:`
			`- "{{reflection}}"`

Added fuzzing templates 2024-03-16 18:44:49 +00:00			`stop-at-first-match: true`
			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`part: body`
			`words:`
			`- "{{reflection}}"`

			`- type: word`
			`part: header`
			`words:`
updated payloads 2024-06-14 13:37:34 +00:00			`- "text/html"`
chore: sign templates 🤖 2024-08-14 04:19:25 +00:00			`# digest: 490a004630440220696413c6614ef961424a2b74cbbcb1385b62bc10279e9170fe528b8dc40c23fc0220375e3a090facd6e1d59817f7caacba45f49f7fb7fd450525cfa90ae5d3882649:922c64590222798bb761d5b6d8e72950`