Basic XSS Prober - Cross-Site Scripting

ID: basic-xss-prober

Severity: low

Author: nadino,geeknik

Tags: xss,generic

Description

A cross-site scripting vulnerability was discovered via generic testing. Manual testing is needed to verify exploitation.

YAML Source

id: basic-xss-prober

info:
  name: Basic XSS Prober - Cross-Site Scripting
  author: nadino,geeknik
  severity: low
  description: A cross-site scripting vulnerability was discovered via generic testing. Manual testing is needed to verify exploitation.
  # Basic XSS prober
  # Manual testing needed for exploitation
  metadata:
    max-request: 1
  tags: xss,generic

http:
  - method: GET
    path:
      - "{{BaseURL}}/%61%27%22%3e%3c%69%6e%6a%65%63%74%61%62%6c%65%3e"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "\"><injectable>"
        part: body

      - type: word
        words:
          - "text/html"
        part: header

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100e4431c802f151f01ee21b3c590ff1b2a764e23c362e31a7158fb2c55d90ee6d7022100d0beae04e4a5d081a47bbbe1665f1c3c52ddbae5b67751628ae97876ea8d73fb:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "http/vulnerabilities/generic/basic-xss-prober.yaml"

View on Github