HTTPBin - Cross-Site Scripting

By kannthu

Severity: High
Vidoc Module
Tags: #xss #httpbin #oss
Description

What is "HTTPBin - Cross-Site Scripting"?

The "HTTPBin - Cross-Site Scripting" module is designed to detect a cross-site scripting vulnerability in the HTTPBin software. This vulnerability can allow an attacker to execute arbitrary scripts, potentially leading to unauthorized access or data theft. The severity of this vulnerability is classified as high.

This module was authored by Adam Crosser.

Impact

If exploited, the cross-site scripting vulnerability in HTTPBin can enable an attacker to execute malicious scripts in the browser of a user of the affected HTTPBin instance. This can lead to various consequences, such as stealing sensitive information, manipulating user sessions, or performing unauthorized actions on behalf of the user.

How does the module work?

The "HTTPBin - Cross-Site Scripting" module works by sending HTTP requests to the target system and then applying matching conditions to identify the presence of the vulnerability. The module uses the following matching conditions:

- Body Regex: The module checks if the response body matches the regular expression <script>alert(document.domain)</script>.
- Header Word: The module verifies if the response header contains the word "text/html".
- Status: The module ensures that the response status is 200 (OK).

If all the matching conditions are met, the module reports the presence of the cross-site scripting vulnerability.

Here is an example of an HTTP request sent by the module:

GET /base64/PHNjcmlwdD5hbGVydChkb2N1bWVudC5kb21haW4pPC9zY3JpcHQ+

Please note that the path segment after /base64/ is Base64-encoded. It decodes to the same string that the Body Regex condition looks for in the response body.
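The three matching conditions can be evaluated offline against sample responses to see which ones would be reported. The following Python sketch is an added example, not code from Vidoc or the module author; the function names and the sample responses are constructed for illustration.

```python
import base64
import html
import re

# Path of the example request shown on this page.
REQUEST_PATH = "/base64/PHNjcmlwdD5hbGVydChkb2N1bWVudC5kb21haW4pPC9zY3JpcHQ+"
# Body condition, built from the string the page lists (metacharacters escaped).
BODY_REGEX = re.compile(re.escape("<script>alert(document.domain)</script>"))


def decoded_probe(path):
    """Return the text that the Base64 value after /base64/ decodes to."""
    value = path.rsplit("/", 1)[1]
    padded = value + "=" * (-len(value) % 4)
    return base64.urlsafe_b64decode(padded).decode("utf-8")


def module_matches(status, headers, body):
    """All three conditions must hold: body regex AND header word AND status."""
    header_text = "\n".join(f"{k}: {v}" for k, v in headers.items())
    return (BODY_REGEX.search(body) is not None
            and "text/html" in header_text
            and status == 200)


PROBE = decoded_probe(REQUEST_PATH)

# Constructed sample responses (status, headers, body); not captured traffic.
SAMPLES = {
    "reflected as HTML": (200, {"Content-Type": "text/html; charset=utf-8"}, PROBE),
    "reflected as plain text": (200, {"Content-Type": "text/plain"}, PROBE),
    "HTML-escaped output": (200, {"Content-Type": "text/html"}, html.escape(PROBE)),
    "endpoint not available": (404, {"Content-Type": "text/html"}, "Not Found"),
}


def evaluate(samples=SAMPLES):
    """Map each sample name to True if the module would report it."""
    return {name: module_matches(*resp) for name, resp in samples.items()}


if __name__ == "__main__":
    print("decoded probe:", PROBE)
    for name, hit in evaluate().items():
        print(f"{name:26} -> {'REPORT' if hit else 'no match'}")
```

Only the sample that returns the decoded value unescaped with a text/html content type and status 200 satisfies all three conditions.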

Module preview

Concurrent Requests (1)

1. HTTP Request template
   GET /base64/PHNjcmlwdD5h...

Matching conditions
- regex: ^<script>alert\(document.domain\)</scrip... and
- word: text/html and
- status: 200

Passive global matcher
No matching conditions.

On match action
Report vulnerability