Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "DedeCMS 5.7 - Cross-Site Scripting" module is designed to detect a cross-site scripting vulnerability in the DedeCMS 5.7 software. DedeCMS is a popular content management system used for building websites. This vulnerability has a high severity level, indicating the potential for significant impact if exploited. The original author of this module is ritikchaddha.
A cross-site scripting vulnerability allows an attacker to inject malicious scripts into web pages viewed by other users. In the case of DedeCMS 5.7, this vulnerability exists in the '/include/dialog/config.php' file. If successfully exploited, an attacker can execute arbitrary scripts in the browser of an unsuspecting user. This can lead to various consequences, such as stealing sensitive information, session hijacking, or defacing the website.
The module works by sending a specific HTTP request to the target website and then analyzing the response. It checks for three matching conditions:
location='../../</script><script>alert(document.domain)</script>'
".
- The response header contains the string "text/html
".
- The response status code is 200 (OK).
If all three conditions are met, the module identifies the presence of the cross-site scripting vulnerability in the target website.
Example HTTP request:
GET /include/dialog/config.php?adminDirHand=%3C%2Fscript%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E HTTP/1.1
Host: example.com
Please note that this description provides a simplified explanation of the module's functionality. The actual module definition contains more detailed JSON definitions and additional matching conditions.