basic-xss-prober: Basic XSS Prober - Cross-Site Scripting

日期: 2025-08-01 | 影响软件: Basic XSS Prober | POC: 已公开

漏洞描述

A cross-site scripting vulnerability was discovered via generic testing. Manual testing is needed to verify exploitation.

PoC代码[已公开]

id: basic-xss-prober

info:
  name: Basic XSS Prober - Cross-Site Scripting
  author: nadino,geeknik
  severity: low
  description: A cross-site scripting vulnerability was discovered via generic testing. Manual testing is needed to verify exploitation.
  # Basic XSS prober
  # Manual testing needed for exploitation
  metadata:
    max-request: 1
  tags: xss,generic,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/%61%27%22%3e%3c%69%6e%6a%65%63%74%61%62%6c%65%3e"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "\"><injectable>"
        part: body

      - type: word
        words:
          - "text/html"
        part: header

      - type: status
        status:
          - 200
# digest: 490a00463044022062f3076bedb228eed9471e1d4435dde291a9ec5f4a0d077d492a19984511fd060220747c91fdc1b38cca7233c6efb9284c5cf4ca4204bcda47d64268b81a815a6d5c:922c64590222798bb761d5b6d8e72950

来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/generic/basic-xss-prober.yaml

漏洞描述

PoC代码[已公开]

相关漏洞推荐