
Gnuboard 5 - Cross-Site Scripting

By kannthu

Medium
Vidoc Module
#gnuboard #xss #huntr
Description

What is "Gnuboard 5 - Cross-Site Scripting"?

The "Gnuboard 5 - Cross-Site Scripting" module detects a cross-site scripting vulnerability in Gnuboard 5, a popular content management system (CMS) used for creating and managing websites. The vulnerability is tied to the $_GET['LGD_OID'] parameter. Its severity is classified as medium, with a CVSS score of 5.4. The module was authored by arafatansari.

Impact

A cross-site scripting vulnerability allows attackers to inject malicious scripts into web pages viewed by other users. This can lead to various security risks, including unauthorized access to sensitive information, session hijacking, and the execution of arbitrary code in the victim's browser.

How does the module work?

The "Gnuboard 5 - Cross-Site Scripting" module sends a specific HTTP request to the target website. The request path sets the vulnerable parameter, LGD_OID, to a script payload. The module then checks the response against the following conditions to determine whether the vulnerability is present:

- The response body must contain the string "LGD_OID = <script>alert(document.domain)</script>".
- The response headers must include the "text/html" content type.
- The response status code must be 200.

If all of these conditions are met, the module reports the presence of the cross-site scripting vulnerability.

For example, the module sends the following HTTP request:

GET /mobile/shop/lg/mispwapurl.php?LGD_OID=%3Cscript%3Ealert(document.domain)%3C/script%3E

It then checks the response for the specified conditions to determine if the vulnerability exists.
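The three matching conditions can be evaluated offline against captured responses to see why each one is needed. The following is an added example, not the Vidoc module's own code: the function names and the sample responses are constructed for illustration, and scoping the header check to Content-Type is an assumption about how the header matcher is applied.

```python
from html import escape

# Values taken from the module description on this page.
MARKER = "LGD_OID = <script>alert(document.domain)</script>"
REQUIRED_TYPE = "text/html"
REQUIRED_STATUS = 200
PAYLOAD = "<script>alert(document.domain)</script>"


def evaluate(status, headers, body):
    """Return each condition's result plus the AND-ed verdict ("match")."""
    # Header names are case-insensitive; the value may carry a charset suffix.
    ctype = next((v for k, v in headers.items() if k.lower() == "content-type"), "")
    checks = {
        "body_word": MARKER in body,               # payload reflected unencoded
        "header_word": REQUIRED_TYPE in ctype.lower(),  # browser would render HTML
        "status": status == REQUIRED_STATUS,       # not an error page
    }
    checks["match"] = all(checks.values())
    return checks


def page(value):
    # Constructed response body (hypothetical layout, not Gnuboard's real output).
    return "<html><body>\nLGD_OID = " + value + "\n</body></html>"


# Constructed sample responses: (status, headers, body).
SAMPLES = {
    "reflected_raw": (200, {"Content-Type": "text/html; charset=utf-8"}, page(PAYLOAD)),
    # Output encoding applied: the marker string no longer appears verbatim.
    "html_escaped": (200, {"Content-Type": "text/html; charset=utf-8"}, page(escape(PAYLOAD))),
    # Reflected, but served as JSON, so the header condition fails.
    "json_echo": (200, {"content-type": "application/json"}, page(PAYLOAD)),
    # Reflected on an error page: the status condition fails.
    "error_page": (404, {"Content-Type": "text/html"}, page(PAYLOAD)),
}


def run_samples():
    return {name: evaluate(*resp)["match"] for name, resp in SAMPLES.items()}


if __name__ == "__main__":
    for name, resp in SAMPLES.items():
        print(name, evaluate(*resp))
```

Only the unencoded reflection served as HTML with status 200 is reported; a response where the parameter is HTML-escaped before output fails the body condition, which is also what a successful fix looks like to this module.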

For more information, you can refer to the Huntr website.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /mobile/shop/lg/misp...
Matching conditions
word: LGD_OID = <script>alert(document.domain)... and
word: text/html and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability