By kannthu
The "Open Akamai ARL - Cross-Site Scripting" module is designed to detect a cross-site scripting vulnerability in the Open Akamai ARL software. This vulnerability allows an attacker to execute arbitrary scripts in the browser of an unsuspecting user. The severity of this vulnerability is classified as high, with a CVSS score of 7.2.
This module was authored by pdteam.
If exploited, this cross-site scripting vulnerability in Open Akamai ARL can lead to various consequences, including unauthorized access to sensitive information, session hijacking, and the potential for further attacks on the affected system.
The "Open Akamai ARL - Cross-Site Scripting" module works by sending a specific HTTP request to the target system and then analyzing the response. It uses matching conditions to identify if the vulnerability is present.
One example of an HTTP request used by this module is:
GET /7/0/33/1d/www.citysearch.com/search?what=x&where=place%22%3E%3Csvg+onload=confirm(document.domain)%3E HTTP/1.1
The module then applies the following matching conditions:
- The response body must contain both of the following words: the string "><svg onload=confirm(document.domain)> (including its leading double quote) and the phrase "Suggestions for improving the results".
- The response header must contain the word "text/html".
If all the matching conditions are met, the module reports the presence of the cross-site scripting vulnerability in Open Akamai ARL.
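The matching logic described above, as an added Python example that is not the module's own code: it applies the three conditions to constructed responses and shows that the module only reports when the parameter is reflected without output encoding in an HTML response. The function names and the render_results page stand-in are hypothetical, and plain substring matching is an assumption.

```python
import html
from urllib.parse import urlsplit, parse_qs

# Values taken from the page: the request target and the three match conditions.
REQUEST_TARGET = ("/7/0/33/1d/www.citysearch.com/search?what=x&where=place"
                  "%22%3E%3Csvg+onload=confirm(document.domain)%3E")
BODY_WORDS = ['"><svg onload=confirm(document.domain)>',
              "Suggestions for improving the results"]
HEADER_WORD = "text/html"


def module_matches(headers: dict, body: str) -> bool:
    """All conditions must hold: both body words present, text/html in the headers."""
    header_blob = "\n".join(f"{k}: {v}" for k, v in headers.items()).lower()
    return all(w in body for w in BODY_WORDS) and HEADER_WORD in header_blob


def render_results(where: str, encode: bool) -> str:
    """Constructed stand-in for a search page that echoes the 'where' parameter."""
    shown = html.escape(where, quote=True) if encode else where
    return (f'<input name="where" value="{shown}">'
            "<p>Suggestions for improving the results</p>")


def scenarios() -> dict:
    """Run the matcher over three constructed responses to the same request."""
    where = parse_qs(urlsplit(REQUEST_TARGET).query)["where"][0]
    html_hdr = {"Content-Type": "text/html; charset=utf-8"}
    json_hdr = {"Content-Type": "application/json"}
    return {
        "raw reflection": module_matches(html_hdr, render_results(where, False)),
        "encoded reflection": module_matches(html_hdr, render_results(where, True)),
        "raw but not HTML": module_matches(json_hdr, render_results(where, False)),
    }


if __name__ == "__main__":
    for name, hit in scenarios().items():
        print(f"{name:20} -> {'reported' if hit else 'not reported'}")
```

The encoded case is the fix path: once the echoed value is HTML-encoded, the first body word no longer appears verbatim and the module stops reporting.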