Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "Qcubed - Cross-Site Scripting" module is designed to detect a cross-site scripting vulnerability in the Qcubed software. Qcubed is a web development framework that allows developers to create PHP-based applications. This vulnerability can be exploited by a remote attacker to inject arbitrary JavaScript code into the application.
This vulnerability is classified as CWE-79 and has a severity rating of high. It has a CVSS score of 7.2, indicating a significant impact on the confidentiality and integrity of the affected application.
This module was authored by pikpikcu.
If successfully exploited, this cross-site scripting vulnerability can allow an attacker to execute arbitrary JavaScript code within the context of the vulnerable application. This can lead to various security risks, including session hijacking, defacement of web pages, and theft of sensitive user information.
The "Qcubed - Cross-Site Scripting" module works by sending HTTP requests to specific endpoints in the Qcubed application. It then applies matching conditions to determine if the vulnerability is present.
One example of an HTTP request sent by this module is:
GET /assets/php/_devtools/installer/step_2.php?installation_path=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
The module applies the following matching conditions:
- The response body must contain the string "</script><script>alert(document.domain)</script>" - The HTTP response status must be 200 - The response header must contain the string "text/html"If all of these conditions are met, the module reports a vulnerability.