Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

PMB v7.4.1 - Cross Site Scripting

By kannthu

Vidoc logoVidoc Module

What is "PMB v7.4.1 - Cross Site Scripting?"

The "PMB v7.4.1 - Cross Site Scripting" module is designed to detect a cross-site scripting vulnerability in the PMB CMS (Content Management System). This vulnerability allows an attacker to inject arbitrary malicious HTML or JavaScript code into a user's web browser. The severity of this vulnerability is classified as medium, with a CVSS score of 5.4.

This module was authored by r3Y3r53.


If successfully exploited, this vulnerability can lead to various consequences, including:

- Execution of arbitrary code in the user's browser - Theft of sensitive information - Session hijacking - Defacement of the affected website

How the module works?

The "PMB v7.4.1 - Cross Site Scripting" module works by sending a specific HTTP request to the target PMB CMS installation. The request is designed to exploit the vulnerability by injecting malicious code into the "no_search" parameter. The module then analyzes the response to determine if the injection was successful.

Matching conditions used by this module include:

- Checking if the response body contains the injected script tag: <script>alert(1337)</script> - Checking if the response body contains specific keywords like "PMB Group" or "pmbDojo" - Checking if the response header indicates a content type of "text/html" - Checking if the response status code is 200 (OK)

If all of these conditions are met, the module reports a vulnerability.

For more information, you can refer to the GitHub repository.

Module preview

Concurrent Requests (1)
1. HTTP Request template
Raw request
Matching conditions
word: <script>alert(1337)</script>and
word: PMB Group, pmbDojoand
word: text/htmland
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability