Microweber Cross-Site Scripting

By kannthu

Severity: High
Vidoc Module
Tags: #microweber #xss #oss
Description

What is the "Microweber Cross-Site Scripting" module?

The "Microweber Cross-Site Scripting" module is designed to detect and report instances of cross-site scripting (XSS) vulnerabilities in the Microweber software. Microweber is a content management system (CMS) that allows users to create and manage websites. This module focuses on identifying reflected XSS vulnerabilities in Microweber versions prior to 1.2.11.

This vulnerability is classified as CWE-79 and has a severity rating of high. The CVSS score for this vulnerability is 7.2, indicating a significant risk to the security of the affected websites.

This module was authored by gy741.

Impact

Successful exploitation of the Microweber Cross-Site Scripting vulnerability allows an attacker to inject malicious scripts into web pages viewed by users. This can lead to various consequences, including the theft of sensitive information, session hijacking, defacement of websites, and the execution of arbitrary code in the user's browser.

How does the module work?

The "Microweber Cross-Site Scripting" module works by sending a specific HTTP request to the target Microweber website and analyzing the response. The module checks for the presence of certain patterns in the response body, headers, and the HTTP status code to determine if a vulnerability exists.

One example of an HTTP request sent by this module is:

/editor_tools/module?type=files/admin"><script>alert(document.domain)</script>&params=filetype=images#path=

This request is designed to trigger a reflected XSS vulnerability in the Microweber software. The module then checks whether the response body contains the injected script unchanged, whether the Content-Type header is "text/html", and whether the status code is 200.

Only if all three matching conditions are met does the module report the vulnerability as a potential security issue.
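The three matching conditions above, re-implemented offline as an added example (this is not Vidoc's or Microweber's own code). The probe path and the reflected marker are the ones shown on this page; the two HTTP responses are constructed by hand, one modelling an unpatched instance that echoes the "type" parameter verbatim and one modelling a fixed instance that HTML-encodes it, so the check runs with no network access.

```python
"""Offline re-implementation of the module's three AND-ed matching conditions.

Added example, not Vidoc's or Microweber's own code. The responses below are
constructed so the check can be run without contacting any server.
"""
from dataclasses import dataclass
import html

# Reflected marker the module looks for in the response body (from the page).
PAYLOAD = '<script>alert(document.domain)</script>'

# Request path the module sends, as shown on the page; the "type" query
# parameter carries the probe string.
PROBE_PATH = (
    '/editor_tools/module?type=files/admin">' + PAYLOAD
    + '&params=filetype=images#path='
)


@dataclass
class Response:
    """Minimal HTTP response model: status code, headers, body."""
    status: int
    headers: dict
    body: str


def evaluate_conditions(resp: Response) -> dict:
    """Evaluate each matching condition separately, for readable reporting.

    Header names are compared case-insensitively because servers differ in
    the casing they emit.
    """
    content_type = next(
        (v for k, v in resp.headers.items() if k.lower() == "content-type"), ""
    )
    return {
        "payload_reflected": PAYLOAD in resp.body,
        "html_content_type": "text/html" in content_type,
        "status_200": resp.status == 200,
    }


def is_vulnerable(resp: Response) -> bool:
    """Report only when every condition holds (the module's 'and' logic)."""
    return all(evaluate_conditions(resp).values())


def render_page(type_param: str, escape: bool) -> str:
    """Constructed stand-in for a page that echoes the 'type' parameter.

    escape=True models the fixed behaviour (output is HTML-encoded);
    escape=False models the raw reflection the module detects.
    """
    echoed = html.escape(type_param, quote=True) if escape else type_param
    return f'<html><body><div data-type="{echoed}"></div></body></html>'


# The 'type' value as the server sees it after parsing the query string.
TYPE_PARAM = 'files/admin">' + PAYLOAD

# Constructed response of an unpatched instance: the marker comes back verbatim.
VULNERABLE_RESPONSE = Response(
    status=200,
    headers={"Content-Type": "text/html; charset=UTF-8"},
    body=render_page(TYPE_PARAM, escape=False),
)

# Constructed response of a patched instance: same input, HTML-encoded on output.
PATCHED_RESPONSE = Response(
    status=200,
    headers={"Content-Type": "text/html; charset=UTF-8"},
    body=render_page(TYPE_PARAM, escape=True),
)


if __name__ == "__main__":
    for name, resp in (("unpatched", VULNERABLE_RESPONSE), ("patched", PATCHED_RESPONSE)):
        verdict = "report vulnerability" if is_vulnerable(resp) else "no match"
        print(name, evaluate_conditions(resp), "->", verdict)
```

Running the block prints the per-condition results for both constructed responses: the unpatched one satisfies all three and would be reported, while the patched one fails only the "payload_reflected" condition because html.escape turns the angle brackets and quotes into entities. That single failing condition is exactly what output encoding of the reflected parameter buys you, and it is also why a matcher keyed on the literal marker produces no false positive against a fixed instance.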

It is important to note that this module is part of a larger scanning system and is used to perform specific tests on Microweber websites to identify potential vulnerabilities. The results of these tests can help website owners and administrators take appropriate actions to secure their websites.

For more information, you can refer to the Microweber GitHub repository.

Module preview

Concurrent Requests (1)

1. HTTP Request template
   GET /editor_tools/module...

Matching conditions
   word: <script>alert(document.domain)</script>"... and
   word: text/html and
   status: 200

Passive global matcher
   No matching conditions.

On match action
   Report vulnerability