id: reflected-xss

info:
  name: Reflected Cross-Site Scripting
  author: pdteam,0xKayala
  severity: medium
  metadata:
    max-request: 1
  tags: xss,rxss,dast

variables:
  first: "{{rand_int(10000, 99999)}}"

http:
  - pre-condition:
      - type: dsl
        dsl:
          - 'method == "GET"'

    payloads:
      reflection:
        - "'\"><{{first}}>"
        - "'><{{first}}>"
        - "\"><{{first}}>"

    fuzzing:
      - part: query
        type: postfix
        mode: single
        fuzz:
          - "{{reflection}}"

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "{{reflection}}"

      - type: word
        part: header
        words:
          - "text/html"
# digest: 4b0a00483046022100fe9d1b6a33bc101017c0dabac57b282164ad7a316747fb641b1be7dd534178b2022100b1b90ca968e766279c306212b849ce875ae2beaced34248794387b56192c1878:922c64590222798bb761d5b6d8e72950