By kannthu
The "IBM Eclipse Help System - Cross-Site Scripting" module is designed to detect a cross-site scripting vulnerability in the IBM Eclipse Help System. This module targets versions 6.1.0 through 6.1.0.6, 6.1.5 through 6.1.5.3, 7.0 through 7.0.0.2, and 8.0 prior to 8.0.0.1. The severity of this vulnerability is classified as high, with a CVSS score of 7.2.
This module was authored by pikpikcu.
A cross-site scripting vulnerability allows attackers to inject malicious scripts into web pages viewed by other users. This can lead to various attacks, such as stealing sensitive information, session hijacking, or delivering malware to unsuspecting users.
The "IBM Eclipse Help System - Cross-Site Scripting" module works by sending a GET request to the "/help/index.jsp" endpoint with a specific query parameter that contains a malicious script. It then checks the response for specific conditions to determine if the vulnerability is present.
Matching conditions:
- The response status must be 200.
- The response body must contain the string "<script>alert(document.cookie)</script>".
- The response header must contain the string "text/html".

If all of these conditions are met, the module reports the presence of the cross-site scripting vulnerability in the IBM Eclipse Help System.
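The three matching conditions above, as an added example that is not the module's own code: a Python check run over constructed responses, showing that an HTML-encoded reflection, a non-HTML content type, or a non-200 status each stop the match. The `Response` class, the function names and the sample responses are assumptions made for illustration.

```python
from dataclasses import dataclass
from html import escape

# Marker string the module looks for in the body, as quoted on the page.
MARKER = "<script>alert(document.cookie)</script>"


@dataclass
class Response:
    """Hypothetical container for an already-captured HTTP response."""
    status: int
    headers: dict
    body: str


def evaluate(resp):
    """Return the result of each of the three matching conditions."""
    # Header names are case-insensitive, so compare on a lowercased header block.
    header_blob = "\n".join(f"{k}: {v}" for k, v in resp.headers.items()).lower()
    return {
        "status_200": resp.status == 200,
        "body_reflects_marker": MARKER in resp.body,
        "header_text_html": "text/html" in header_blob,
    }


def is_reported(resp):
    """The finding is reported only when all three conditions hold."""
    return all(evaluate(resp).values())


def failed_conditions(resp):
    """Names of the conditions that prevented a match (empty if reported)."""
    return [name for name, ok in evaluate(resp).items() if not ok]


def page(fragment):
    return f"<html><body>Topic: {fragment}</body></html>"


# Constructed sample responses; none of them come from a real server.
SAMPLES = {
    "raw_reflection": Response(200, {"Content-Type": "text/html; charset=UTF-8"}, page(MARKER)),
    "encoded_reflection": Response(200, {"Content-Type": "text/html"}, page(escape(MARKER))),
    "json_reflection": Response(200, {"content-type": "application/json"}, '{"q": "%s"}' % MARKER),
    "error_page": Response(404, {"Content-Type": "text/html"}, page(MARKER)),
}

if __name__ == "__main__":
    for name, resp in SAMPLES.items():
        print(f"{name}: reported={is_reported(resp)} failed={failed_conditions(resp)}")
```

Only the unencoded reflection served as HTML with status 200 is reported; a server that HTML-encodes the parameter before echoing it no longer satisfies the body condition.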