Update basic-xss-prober.yaml

Hoping to cut down on false positives by ignoring reflections from JSON API endpoints
2020-11-02 15:04:05 +00:00 · 2020-11-02 15:04:05 +00:00 · 5e911f5cd9
parent b239b4ff56
commit 5e911f5cd9
1 changed files with 7 additions and 1 deletions
--- a/generic-detections/basic-xss-prober.yaml
+++ b/generic-detections/basic-xss-prober.yaml
@ -2,7 +2,7 @@ id: basic-xss-prober

 info:
  name: Basic XSS Prober
-  author: nadino
+  author: nadino & geeknik
  severity: low

  # Basic XSS prober
@ -12,7 +12,13 @@ requests:
  - method: GET
    path:
      - "{{BaseURL}}/%61%27%22%3e%3c%69%6e%6a%65%63%74%61%62%6c%65%3e"
+    matchers-condition: and
    matchers:
      - type: word
        words:
          - "\"><injectable>"
+        part: body
+      - type: word
+        words:
+          - "text/html"
+        part: header