
Open Akamai ARL - Cross-Site Scripting

By kannthu

High
Vidoc Module
#akamai #xss
Description

What is "Open Akamai ARL - Cross-Site Scripting"?

The "Open Akamai ARL - Cross-Site Scripting" module is designed to detect a cross-site scripting vulnerability in the Open Akamai ARL software. This vulnerability allows an attacker to execute arbitrary scripts in the browser of an unsuspecting user. The severity of this vulnerability is classified as high, with a CVSS score of 7.2.

This module was authored by pdteam.

Impact

If exploited, this cross-site scripting vulnerability in Open Akamai ARL can lead to various consequences, including unauthorized access to sensitive information, session hijacking, and the potential for further attacks on the affected system.

How does the module work?

The "Open Akamai ARL - Cross-Site Scripting" module works by sending a specific HTTP request to the target system and then analyzing the response. It uses matching conditions to identify if the vulnerability is present.

One example of an HTTP request used by this module is:

GET /7/0/33/1d/www.citysearch.com/search?what=x&where=place%22%3E%3Csvg+onload=confirm(document.domain)%3E HTTP/1.1

The module then applies the following matching conditions:

- The response body must contain the following words: "><svg onload=confirm(document.domain)>" and "Suggestions for improving the results".
- The response header must contain the word "text/html".

If all the matching conditions are met, the module reports the presence of the cross-site scripting vulnerability in Open Akamai ARL.
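The matching logic described above, as an added example that is not part of the Vidoc module or this page's own code: it evaluates the three conditions against constructed responses and shows that an output-encoded reflection or a non-HTML content type does not produce a match. The `Response` class, the sample bodies and the case-sensitive substring comparison are assumptions made for illustration.

```python
from dataclasses import dataclass
from html import escape

# The two body words and the header word quoted in the matching conditions.
PAYLOAD = '"><svg onload=confirm(document.domain)>'
MARKER = "Suggestions for improving the results"
HEADER_WORD = "text/html"


@dataclass
class Response:  # hypothetical container for a captured HTTP response
    headers: dict
    body: str


def header_blob(resp):
    # Flatten the headers into one string so a word match can search them.
    return "\n".join(f"{name}: {value}" for name, value in resp.headers.items())


def evaluate(resp):
    """Return each condition's result plus the overall AND verdict."""
    checks = {
        "body_has_payload": PAYLOAD in resp.body,   # reflected byte-for-byte
        "body_has_marker": MARKER in resp.body,     # confirms the search page rendered
        "header_has_text_html": HEADER_WORD in header_blob(resp),
    }
    checks["match"] = all(checks.values())
    return checks


def sample(reflected, content_type="text/html; charset=utf-8"):
    # Constructed response body: the "where" parameter echoed into an attribute.
    body = (f'<html><body><p>{MARKER}</p>'
            f'<input name="where" value="place{reflected}"></body></html>')
    return Response({"Content-Type": content_type}, body)


RAW = sample(PAYLOAD)                          # parameter echoed without encoding
ENCODED = sample(escape(PAYLOAD))              # parameter HTML-encoded on output
JSON_CT = sample(PAYLOAD, "application/json")  # echoed, but not served as HTML
NO_MARKER = Response({"Content-Type": "text/html"}, PAYLOAD)  # unrelated page

if __name__ == "__main__":
    for name, resp in [("raw", RAW), ("encoded", ENCODED),
                       ("json", JSON_CT), ("no-marker", NO_MARKER)]:
        print(name, evaluate(resp))
```

Only the unencoded reflection served as HTML satisfies all three conditions, which is why output encoding of the reflected parameter is the fix the matcher effectively tests for.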

Module preview

Concurrent Requests (1)
1. HTTP Request template
   GET /7/0/33/1d/www.citys...
   Matching conditions
   - word: "><svg onload=confirm(document.domain)>,... and
   - word: text/html
Passive global matcher
   No matching conditions.
On match action
   Report vulnerability