Merge pull request #13732 from matejsmycka/xss

Update xss prober
2026-01-31 15:53:33 +08:00 · 2025-11-06 11:34:21 +05:30
parent b898967785 74e4ae5084
commit 84274828cf
2 changed files with 45 additions and 34 deletions
--- a/http/vulnerabilities/generic/basic-xss-prober.yaml
+++ b/http/vulnerabilities/generic/basic-xss-prober.yaml
@@ -1,34 +0,0 @@
-id: basic-xss-prober
-
-info:
-  name: Basic XSS Prober - Cross-Site Scripting
-  author: nadino,geeknik
-  severity: low
-  description: A cross-site scripting vulnerability was discovered via generic testing. Manual testing is needed to verify exploitation.
-  # Basic XSS prober
-  # Manual testing needed for exploitation
-  metadata:
-    max-request: 1
-  tags: xss,generic,vuln
-
-http:
-  - method: GET
-    path:
-      - "{{BaseURL}}/%61%27%22%3e%3c%69%6e%6a%65%63%74%61%62%6c%65%3e"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - "\"><injectable>"
-        part: body
-
-      - type: word
-        words:
-          - "text/html"
-        part: header
-
-      - type: status
-        status:
-          - 200
-# digest: 490a00463044022062f3076bedb228eed9471e1d4435dde291a9ec5f4a0d077d492a19984511fd060220747c91fdc1b38cca7233c6efb9284c5cf4ca4204bcda47d64268b81a815a6d5c:922c64590222798bb761d5b6d8e72950
--- a/http/vulnerabilities/generic/xss-uri-reflected.yaml
+++ b/http/vulnerabilities/generic/xss-uri-reflected.yaml
@@ -0,0 +1,45 @@
+id: xss-uri-reflected
+
+info:
+  name: Reflected XSS
+  author: nadino,geeknik,matejsmycka
+  severity: low
+  description: |
+    Reflected cross-site scripting vulnerability was discovered via generic testing. Manual testing is needed to verify exploitation.
+  metadata:
+    max-request: 1
+  tags: xss,generic,vuln
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/a%22%3E%3Cinjectable%3E"
+      - "{{BaseURL}}/a%27%3E%3Cinjectable%3E"
+
+    stop-at-first-match: true
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "\"><injectable>"
+          - "'><injectable>"
+        condition: or
+
+      - type: word
+        part: content_type
+        words:
+          - "text/html"
+
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        part: body
+        condition: or
+        words:
+          - "<title>Access Denied</title>"
+          - "You don't have permission to access"
+        negative: true