id: basic-xss-prober

info:
  name: Basic XSS Prober - Cross-Site Scripting
  author: nadino,geeknik
  severity: low
  description: A cross-site scripting vulnerability was discovered via generic testing. Manual testing is needed to verify exploitation.
  # Basic XSS prober
  # Manual testing needed for exploitation
  metadata:
    max-request: 1
  tags: xss,generic

http:
  - method: GET
    path:
      - "{{BaseURL}}/%61%27%22%3e%3c%69%6e%6a%65%63%74%61%62%6c%65%3e"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "\"><injectable>"
        part: body

      - type: word
        words:
          - "text/html"
        part: header

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100e4431c802f151f01ee21b3c590ff1b2a764e23c362e31a7158fb2c55d90ee6d7022100d0beae04e4a5d081a47bbbe1665f1c3c52ddbae5b67751628ae97876ea8d73fb:922c64590222798bb761d5b6d8e72950