mkrs2404 / tickets

Basic XSS Prober - Cross-Site Scripting (basic-xss-prober) found on honey.scanme.sh #51

Closed mkrs2404 closed 1 month ago

mkrs2404 commented 4 months ago

Details: basic-xss-prober matched at honey.scanme.sh

Protocol: HTTP

Full URL: https://honey.scanme.sh/%61%27%22%3e%3c%69%6e%6a%65%63%74%61%62%6c%65%3e

Timestamp: Tue Apr 30 19:28:54 +0530 IST 2024

Template Information

Name: Basic XSS Prober - Cross-Site Scripting
Authors: nadino, geeknik
Tags: xss, generic
Severity: low
Description: A cross-site scripting vulnerability was discovered via generic testing. Manual testing is needed to verify exploitation.

Request

GET /%61%27%22%3e%3c%69%6e%6a%65%63%74%61%62%6c%65%3e HTTP/1.1
Host: honey.scanme.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.146 Safari/537.36
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK
Connection: close
Content-Length: 262
Content-Type: text/html
Date: Tue, 30 Apr 2024 13:58:54 GMT

GET /a'"><injectable> HTTP/1.1
Host: honey.scanme.sh
Accept: */*
Accept-Encoding: gzip
Accept-Language: en
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.146 Safari/537.36

CURL command

curl -X 'GET' -H 'Accept: */*' -H 'Accept-Language: en' -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.146 Safari/537.36' 'https://honey.scanme.sh/%61%27%22%3e%3c%69%6e%6a%65%63%74%61%62%6c%65%3e'

Generated by Nuclei v3.2.5