id: basic-xss-prober

info:
  name: Basic XSS Prober
  author: nadino & geeknik
  severity: low

  # Basic XSS prober
  # Manual testing needed for exploitation

requests:
  - method: GET
    path:
      - "{{BaseURL}}/%61%27%22%3e%3c%69%6e%6a%65%63%74%61%62%6c%65%3e"
    matchers-condition: and
    matchers:
      - type: word
        words:
          - "\"><injectable>"
        part: body

      - type: word
        words:
          - "application/json"
        part: header
        negative: true