id: laravel-ignition-xss info: name: Laravel Ignition XSS author: 0x_Akoko severity: medium reference: - https://www.acunetix.com/vulnerabilities/web/laravel-ignition-reflected-cross-site-scripting/ - https://github.com/facade/ignition/issues/273 tags: laravel,xss,ignition requests: - method: GET path: - "{{BaseURL}}/_ignition/scripts/-->" matchers-condition: and matchers: - type: word part: body words: - "Undefined index: --> in file" - type: status status: - 500 - type: word part: header words: - "text/html"