id: basic-xss-prober

info:
  name: Basic XSS Prober - Cross-Site Scripting
  author: nadino,geeknik
  severity: low
  description: A cross-site scripting vulnerability was discovered via generic testing. Manual testing is needed to verify exploitation.
  # Basic XSS prober
  # Manual testing needed for exploitation
  metadata:
    max-request: 1
  tags: xss,generic

http:
  - method: GET
    path:
      - "{{BaseURL}}/%61%27%22%3e%3c%69%6e%6a%65%63%74%61%62%6c%65%3e"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "\"><injectable>"
        part: body

      - type: word
        words:
          - "text/html"
        part: header

      - type: status
        status:
          - 200

# digest: 4a0a00473045022100da0d7ddbb8a6ad2fb451fc4ca6d957d06b7fda404ff1e41c443865abfffc40ee022054e97de3bbe455dd05e4b756b8b4749842b38f973645eece0b047775512cafe4:922c64590222798bb761d5b6d8e72950