Merge pull request #7800 from j4vaovo/patch-2

fix nginx-module-vts-xss false-positive

.nuclei-ignore

@@ -28,4 +28,3 @@ files:
   - http/cves/2020/CVE-2020-2036.yaml
   - http/cves/2020/CVE-2020-28351.yaml
   - http/vulnerabilities/oracle/oracle-ebs-xss.yaml
-  - http/vulnerabilities/other/nginx-module-vts-xss.yaml

http/vulnerabilities/other/nginx-module-vts-xss.yaml

@@ -2,7 +2,7 @@ id: nginx-module-vts-xss
 
 info:
   name: Nginx Virtual Host Traffic Status Module - Cross-Site Scripting
-  author: madrobot
+  author: madrobot,j4vaovo
   severity: high
   description: Nginx Virtual Host Traffic Status Module contains a cross-site scripting vulnerability. An attacker can execute arbitrary script and thus steal cookie-based authentication credentials and launch other attacks.
   reference:
@@ -13,25 +13,28 @@ info:
     cwe-id: CWE-79
   tags: nginx,xss,status
   metadata:
-    max-request: 1
+    max-request: 2
 
 http:
-  - method: GET
+  - raw:
-    path:
+      - |
-      - "{{BaseURL}}/status%3E%3Cscript%3Ealert(31337)%3C%2Fscript%3E"
+        GET /_404_%3E%3Cscript%3Ealert(1337)%3C%2Fscript%3E HTTP/1.1
+        Host: {{Hostname}}
+
+      - |
+        GET /status%3E%3Cscript%3Ealert(7331)%3C%2Fscript%3E HTTP/1.1
+        Host: {{Hostname}}
 
     matchers-condition: and
     matchers:
-      - type: status
+      - type: dsl
-        status:
+        dsl:
-          - 200
+          - "status_code_2 == 200"
+          - "contains(header_2, 'text/html')"
+          - "contains(tolower(body_2), '<script>alert(7331)</script>')"
+        condition: and
 
-      - type: word
+      - type: dsl
-        words:
+        dsl:
-          - "<script>alert(31337)</script>"
+          - "!contains(tolower(body_1), '<script>alert(1337)</script>')"
-        part: body
+        condition: and
-
-      - type: word
-        words:
-          - "text/html"
-        part: header