XSS & HTML Injection

patch-1
Dhiyaneshwaran 2023-01-16 23:05:08 +05:30 committed by GitHub
parent f38ee97a34
commit b2799a54c0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 14 deletions

View File

@ -17,28 +17,24 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/test<br><br>please%20authenticate<br><br>.childrenlist.html"
- "{{BaseURL}}/test<img src=x data'a'onerror=alert(domain)>.childrenlist.html"
- "{{BaseURL}}/{{rand_base(4)}}<img src=x data'a'onerror=alert(domain)>.childrenlist.html"
- "{{BaseURL}}/{{rand_base(4)}}<br><br>please%20authenticate<br><br>.childrenlist.html"
matchers-condition: and
stop-at-first-match: true
matchers-condition: or
matchers:
- type: word
part: body
name: xss
words:
- '<img src="x" data onerror="alert(domain)"/>'
- '<br /><br />please authenticate<br /><br />'
condition: or
- 'data-coral-columnview-id'
condition: and
- type: word
part: body
name: html
words:
- '<br /><br />please authenticate<br /><br />'
- 'data-coral-columnview-id'
- type: word
part: content_type
words:
- 'text/html'
- type: status
status:
- 200
condition: and