daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Enhancement: misconfiguration/akamai/akamai-s3-cache-poisoning.yaml by md

patch-1
MostInterestingBotInTheWorld 2023-03-08 14:22:04 -05:00
parent 149702beb5
commit 1a8f69a8c2
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
misconfiguration/akamai/akamai-s3-cache-poisoning.yaml
View File

@ -1,9 +1,10 @@
id: akamai-s3-cache-poisoning id: akamai-s3-cache-poisoning
info: info:
name: Akamai / S3 Cache Poisoning - Stored Cross-Site Scripting name: Akamai/Amazon S3 - Stored Cross-Site Scripting
author: DhiyaneshDk author: DhiyaneshDk
severity: high severity: high
description: Akamai/Amazon S3 contains a stored cross-site scripting vulnerability generated by cache poisoning capability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can further allow the attacker to steal cookie-based authentication credentials and launch other attacks.
reference: reference:
- https://web.archive.org/web/20230101082612/https://spyclub.tech/2022/12/14/unusual-cache-poisoning-akamai-s3/ - https://web.archive.org/web/20230101082612/https://spyclub.tech/2022/12/14/unusual-cache-poisoning-akamai-s3/
- https://owasp.org/www-community/attacks/Cache_Poisoning - https://owasp.org/www-community/attacks/Cache_Poisoning
@ -62,3 +63,5 @@ requests:
- 'contains(body_2, "alert(document.domain)")' - 'contains(body_2, "alert(document.domain)")'
- 'status_code_2 == 200' - 'status_code_2 == 200'
condition: and condition: and
# Enhanced by md on 2023/03/08