id: basic-xss-prober

info:
  name: Basic XSS Prober - Cross-Site Scripting
  author: nadino,geeknik
  description: A cross-site scripting vulnerability was discovered via generic testing. Manual testing is needed to verify exploitation.
  severity: low
  tags: xss,generic

  # Basic XSS prober
  # Manual testing needed for exploitation

requests:
  - method: GET
    path:
      - "{{BaseURL}}/%61%27%22%3e%3c%69%6e%6a%65%63%74%61%62%6c%65%3e"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "\"><injectable>"
        part: body

      - type: word
        words:
          - "text/html"
        part: header

      - type: status
        status:
          - 200

# Enhanced by mp on 2022/09/22