daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Create express-xss.yaml

patch-1
Prince Chaddha 2022-12-22 16:35:54 +05:30 committed by GitHub
parent df72420cb0
commit 419aebda71
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 48 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
file/nodejs/express-xss.yaml Normal file
View File

@ -0,0 +1,48 @@
id: express-xss
info:
name: Express XSS
author: me_dheeraj (https://twitter.com/Dheerajmadhukar)
severity: info
description: Untrusted User Input in Response will result in Reflected Cross Site Scripting Vulnerability.
tags: file,nodejs,express,xss
file:
- extensions:
- all
matchers:
- type: regex
regex:
- "function \\($REQ, $RES, ...\\) {...}"
- "function \\$FUNC\\(\\$REQ, \\$RES, ...\\) {...}"
- "\\$X = function \\$FUNC\\(\\$REQ, \\$RES, ...\\) {...}"
- "var \\$X = function \\$FUNC\\(\\$REQ, \\$RES, ...\\) {...}\\;"
- "\\$APP\\.\\$METHOD\\(..., function \\$FUNC\\(\\$REQ, \\$RES, ...\\)"
- "\\$RES\\.write\\(..., <... \\$REQ\\.\\$QUERY ...>, ...\\)"
- "\\$RES\\.write\\(..., <... \\$REQ\\.\\$QUERY\\.\\$FOO ...>, ...\\)"
- "\\$RES\\.send\\(..., <... \\$REQ\\.\\$QUERY ...>, ...\\)"
- "\\$RES\\.send\\(..., <... \\$REQ\\.\\$QUERY\\.\\$FOO ...>, ...\\)"
- "\\$LOCALVAR = <... \\$REQ\\.\\$QUERY ...>\\;"
- "\\$RES\\.write\\(..., <... $LOCALVAR ...>, ...\\)"
- "\\$LOCALVAR = <... \\$REQ\\.\\$QUERY\\.\\$FOO ...>\\;"
- "\\$LOCALVAR = <... \\$REQ\\.\\$QUERY ...>\\;"
- "var {\\$LOCALVAR} = <... \\$REQ\\.\\$QUERY\\.\\$FOO ...>\\;"
- "\\$RES\\.write\\(..., <... \\$LOCALVAR ...>, ...\\)"
- "var {\\$LOCALVAR} = <... \\$REQ\\.\\$QUERY\\.\\$VAR ...>\\;"
- "\\$RES\\.send\\(..., <... \\$LOCALVAR ...>, ...\\)"
- "var {\\$LOCALVAR} = <... \\$REQ\\.\\$QUERY ...>\\;"
- "\\$LOCALVAR = {\\$KEY: <... \\$REQ\\.\\$QUERY ...>}\\;"
- "\\$LOCALVAR = {\\$KEY: <... \\$REQ\\.\\$QUERY\\.\\$FOO ...>}\\;"
- "\\$LOCALVAR = {\\$KEY: <... \\$REQ\\.\\$QUERY\\.\\$VAR ...>}\\;"
- "\\$LOCALVAR = {\\$KEY: <... \\$REQ\\.\\$QUERY ...>}\\;"
- "\\$LOCALVAR\\.push\\(<... \\$REQ\\.\\$QUERY ...>\\)"
- "\\$LOCALVAR = <... \\$REQ\\.\\$QUERY ...>\\;"
- "\\$ARR\\.push\\(<... \\$LOCALVAR ...>\\)"
- "\\$RES\\.write\\(..., <... \\$ARR ...>, ...\\)"
- "\\$LOCALVAR = <... \\$REQ\\.\\$QUERY ...>\\;"
- "\\$RES\\.send\\(..., <... \\$ARR ...>, ...\\)"
- "\\$RES\\.write\\(..., <... \\$OUT ...>, ...\\)"
- "\\$LOCALVAR = <... \\$REQ\\.\\$QUERY\\.\\$VAR ...>\\;"
- "\\$OUT = <... \\$LOCALVAR ...>\\;"
condition: or