nuclei-templates/dast/vulnerabilities/xss/dom-xss.yaml

52 lines
1.2 KiB
YAML

id: dom-xss
info:
name: DOM Cross Site Scripting
author: theamanrawat,AmirHossein Raeisi
severity: medium
description: |
Detects DOM-based Cross Site Scripting (XSS) vulnerabilities.
impact: |
Allows attackers to execute malicious scripts in the victim's browser.
remediation: |
Sanitize and validate user input to prevent script injection.
tags: xss,dom,dast,headless
variables:
num: "{{rand_int(10000, 99999)}}"
headless:
- steps:
- action: navigate
args:
url: "{{BaseURL}}"
- action: waitload
payloads:
reflection:
- "'\"><h1>{{num}}</h1>"
fuzzing:
- part: query
type: postfix
mode: single
fuzz:
- "{{reflection}}"
- part: path
type: postfix
mode: single
fuzz:
- "{{reflection}}"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<h1>{{num}}</h1>"
- type: word
part: header
words:
- "text/html"
# digest: 490a0046304402206fa5454705d188cf783c45760ad511c36654ac75d130f768f1fb8b89c7eeccc30220394b14b699339d511ec656983ada13c1b84df671dbee5874b1fd854dd692b7a3:922c64590222798bb761d5b6d8e72950