Update and rename wp-athlon-manage-calameo-publications-xss.yaml to calameo-publications-xss.yaml
Prince Chaddha
GitHub
parent
94dcb8f006
commit
5538c251dd
|
|
@ -1,4 +1,4 @@
|
||||||
id: wp-athlon-manage-calameo-publications-xss
|
id: calameo-publications-xss
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Manage Calameo Publications 1.1.0 - thickbox_content.php attachment_id Parameter Reflected XSS
|
name: Manage Calameo Publications 1.1.0 - thickbox_content.php attachment_id Parameter Reflected XSS
|
||||||
|
|
@ -9,10 +9,10 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://codevigilant.com/disclosure/wp-plugin-athlon-manage-calameo-publications-a3-cross-site-scripting-xss/
|
- https://codevigilant.com/disclosure/wp-plugin-athlon-manage-calameo-publications-a3-cross-site-scripting-xss/
|
||||||
- https://wpscan.com/vulnerability/83343eb3-bb4c-4b82-adf6-745882f872cc
|
- https://wpscan.com/vulnerability/83343eb3-bb4c-4b82-adf6-745882f872cc
|
||||||
|
- https://wordpress.org/plugins/athlon-manage-calameo-publications/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
tags: wordpress,wp-plugin,xss,unauth
|
tags: wordpress,wp-plugin,xss,wp
|
||||||
|
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
@ -22,15 +22,14 @@ requests:
|
||||||
matchers-condition: and
|
matchers-condition: and
|
||||||
matchers:
|
matchers:
|
||||||
- type: word
|
- type: word
|
||||||
words:
|
|
||||||
- '(id\"><script>alert(document.domain)</script>&)'
|
|
||||||
- 'ath_upload_calameo_publication'
|
|
||||||
part: body
|
part: body
|
||||||
|
words:
|
||||||
|
- 'ath_upload_calameo_publication(id\"><script>alert(document.domain)</script>&)'
|
||||||
|
|
||||||
- type: word
|
- type: word
|
||||||
|
part: header
|
||||||
words:
|
words:
|
||||||
- 'text/html'
|
- 'text/html'
|
||||||
part: header
|
|
||||||
|
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
Loading…
Reference in New Issue