update: addeventlistener-detect

2022-02-03 12:15:15 +07:00 · 2022-02-03 12:15:15 +07:00 · c727898abe
parent da4f359316
commit c727898abe
1 changed files with 6 additions and 6 deletions
--- a/miscellaneous/addeventlistener-detect.yaml
+++ b/miscellaneous/addeventlistener-detect.yaml
@ -1,8 +1,8 @@
 id: addeventlistener-detect

 info:
-  name: AddEventlistener detection
-  author: yavolo
+  name: DOM EventListener detection
+  author: yavolo, dwisiswant0
  severity: info
  tags: xss,misc
  reference: https://portswigger.net/web-security/dom-based/controlling-the-web-message-source
@ -10,10 +10,10 @@ info:
 requests:
  - method: GET
    path:
-      - '{{BaseURL}}'
+      - "{{BaseURL}}"

    matchers:
-      - type: word
+      - type: regex
        part: body
-        words:
-          - 'window.addEventListener('
+        regex:
+          - (([\w\_]+)\.)?add[Ee]vent[Ll]istener\(["']?[\w\_]+["']? # Test cases: https://www.regextester.com/?fam=121118