forked from adysec/nuclei_poc
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdrupal_module-navbar-cross-site-scripting.yaml
58 lines (53 loc) · 1.85 KB
/
drupal_module-navbar-cross-site-scripting.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
id: drupal_module-navbar-cross-site-scripting
info:
name: drupal_module-navbar-cross-site-scripting
author: Bishopfox
severity: medium
description: "This module provides a very simple, mobile-friendly navigation toolbar. The module doesnt sufficiently check for user-provided input. This vulnerability is mitigated by the fact that an attacker must have the ability to post content using a text format (like the default Filtered HTML format) that wont filter out the exploit code."
reference:
- https://www.drupal.org/sa-contrib-2022-011
metadata:
security-risk: "Moderately critical 13∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Default"
vulnerability: "cross-site-scripting"
fofa-query: "/sites/all/modules/navbar/"
google-query: "inurl:'/sites/all/modules/navbar/"
impact: medium
type: indicator
created_at: '0001-01-01T00:00:00Z'
tags: drupal
http:
- method: GET
redirects: true
max-redirects: 3
path:
- "{{BaseURL}}/sites/all/modules/navbar/navbar.info"
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
- type: status
status:
- 200
- type: word
words:
- 'navbar'
part: body
extractors:
- type: regex
name: version
part: body
group: 1
regex:
- 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
- type: dsl
dsl:
- compare_versions(version, '7.x-1.7')
- compare_versions(version, '7.x-1.6')
- compare_versions(version, '7.x-1.5')
- compare_versions(version, '7.x-1.4')
- compare_versions(version, '7.x-1.3')
- compare_versions(version, '7.x-1.2')
- compare_versions(version, '7.x-1.1')
- compare_versions(version, '7.x-1.0')