Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

IBM Eclipse Help System - Cross-Site Scripting

By kannthu

High
Vidoc logoVidoc Module
#ibm#xss
Description

What is the "IBM Eclipse Help System - Cross-Site Scripting" module?

The "IBM Eclipse Help System - Cross-Site Scripting" module is designed to detect a cross-site scripting vulnerability in the IBM Eclipse Help System. This module targets versions 6.1.0 through 6.1.0.6, 6.1.5 through 6.1.5.3, 7.0 through 7.0.0.2, and 8.0 prior to 8.0.0.1. The severity of this vulnerability is classified as high, with a CVSS score of 7.2.

This module was authored by pikpikcu.

Impact

A cross-site scripting vulnerability allows attackers to inject malicious scripts into web pages viewed by other users. This can lead to various attacks, such as stealing sensitive information, session hijacking, or delivering malware to unsuspecting users.

How does the module work?

The "IBM Eclipse Help System - Cross-Site Scripting" module works by sending a GET request to the "/help/index.jsp" endpoint with a specific query parameter that contains a malicious script. It then checks the response for specific conditions to determine if the vulnerability is present.

Matching conditions:

- The response status must be 200. - The response body must contain the string "<script>alert(document.cookie)</script>". - The response header must contain the string "text/html".

If all of these conditions are met, the module reports the presence of the cross-site scripting vulnerability in the IBM Eclipse Help System.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/help/index.jsp?view...
Matching conditions
status: 200and
word: <script>alert(document.cookie)</script>and
word: text/html
Passive global matcher
No matching conditions.
On match action
Report vulnerability