Discourse - Cross-Site Scripting

By kannthu

High
Vidoc Module
#xss #discourse
Description

What is "Discourse - Cross-Site Scripting"?

The "Discourse - Cross-Site Scripting" module is designed to detect a cross-site scripting vulnerability in the Discourse software. Discourse is a popular platform for online discussions and community forums. This module focuses on identifying and reporting instances of cross-site scripting, which can allow attackers to execute arbitrary scripts and potentially steal authentication credentials.

This vulnerability is classified as CWE-79 and has a severity rating of high. It is important to address this vulnerability promptly to prevent potential security breaches.

This module was authored by madrobot.

Impact

Successful exploitation of the cross-site scripting vulnerability in Discourse can have serious consequences. Attackers can execute malicious scripts within the context of the affected website, potentially compromising user data, stealing sensitive information, or launching further attacks.

How does the module work?

The "Discourse - Cross-Site Scripting" module works by sending HTTP requests to the targeted Discourse installation and analyzing the responses for specific conditions. It checks for the presence of the vulnerability by looking for certain patterns in the response body and headers.

For example, one of the HTTP requests sent by this module is:

GET /email/[email protected]%27\\%22%3E%3Csvg/onload=alert(/xss/)%3E HTTP/1.1

The module then applies matching conditions to the response to determine if the vulnerability is present. These conditions include:

- Checking that the response status is 200 (indicating a successful request)
- Verifying that the response body contains the string "<svg/onload=alert(/xss/)>"
- Ensuring that the response headers include the string "text/html"

If all of these conditions are met, the module will report the presence of the cross-site scripting vulnerability.
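
The three matching conditions above, evaluated over constructed responses, as an added example (not Vidoc's module code). The `Response` class, the `evaluate` and `flagged` functions and the sample bodies are assumptions made for illustration; the samples show why an HTML-escaped reflection, a non-HTML content type, or a non-200 status does not produce a report.

```python
# Added example: applies the module's three AND-ed matching conditions
# to already-captured HTTP responses; it sends no traffic.
from dataclasses import dataclass, field

MARKER = "<svg/onload=alert(/xss/)>"  # body string from the page's conditions
CONTENT_TYPE = "text/html"            # header string from the page's conditions


@dataclass
class Response:  # hypothetical container for a captured response
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""


def evaluate(resp):
    """Return each condition's outcome plus the combined verdict."""
    # Assumption: the header "word" match is a case-insensitive substring
    # search over the flattened header block.
    header_blob = "\n".join(f"{k}: {v}" for k, v in resp.headers.items()).lower()
    checks = {
        "status_200": resp.status == 200,
        "body_reflects_marker": MARKER in resp.body,
        "header_text_html": CONTENT_TYPE in header_blob,
    }
    checks["vulnerable"] = all(checks.values())
    return checks


# Constructed sample responses, not captured from a real Discourse instance.
HTML = {"Content-Type": "text/html; charset=utf-8"}
SAMPLES = {
    "reflected_unescaped": Response(200, HTML, "<p>x><svg/onload=alert(/xss/)></p>"),
    "html_escaped": Response(200, HTML, "<p>x&gt;&lt;svg/onload=alert(/xss/)&gt;</p>"),
    "json_reflection": Response(200, {"Content-Type": "application/json"},
                                '{"email": "<svg/onload=alert(/xss/)>"}'),
    "reflected_on_404": Response(404, HTML, "<p><svg/onload=alert(/xss/)></p>"),
}


def flagged(samples):
    """Names of samples for which all three conditions hold."""
    return [name for name, r in samples.items() if evaluate(r)["vulnerable"]]


if __name__ == "__main__":
    for name, resp in SAMPLES.items():
        print(name, evaluate(resp))
```

Only the unescaped HTML reflection is flagged, which is the behaviour a fixed instance should no longer exhibit.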

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /email/unsubscribed?...
Matching conditions
status: 200 and
word: <svg/onload=alert(/xss/)> and
word: text/html
Passive global matcher
No matching conditions.
On match action
Report vulnerability