daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix false positives

patch-4
我会啊D,明小子,御剑 2024-06-16 22:31:29 +08:00 committed by GitHub
parent d05a1cd192
commit c68fc3215f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
http/vulnerabilities/nuxt/nuxt-js-xss.yaml
View File

@ -17,17 +17,20 @@ info:
fofa-query: body="buildAssetsDir" && body="__nuxt"
tags: huntr,xss,nuxtjs,error
variables:
payload: "<script>alert(document.domain)</script>"
http:
- method: GET
path:
- "{{BaseURL}}/__nuxt_error?stack=%0A<script>alert(document.domain)</script>"
- "{{BaseURL}}/__nuxt_error?stack=%0A{{url_encode(payload)}}"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<script>alert(document.domain)</script>"
- "{{payload}}"
- "window.__NUXT__"
condition: and