
SiteMinder - DOM Cross-Site Scripting

By kannthu

High
Vidoc Module
#dom #xss #siteminder
Description

The SiteMinder - DOM Cross-Site Scripting module identifies a high-severity DOM-based cross-site scripting vulnerability in SiteMinder, software that provides centralized web access management and authentication.

The module detects a misconfiguration or vulnerability in SiteMinder by sending HTTP requests to specific paths and matching each response against predefined conditions. A response matches only if it has a status code of 200, contains the text "="confirm(document.domain)"> you cannot access your", and has a header containing "text/html".
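The three matching conditions described above, written out as an added example (not Vidoc's own module code) and run over constructed responses to show which ones the module would flag and which it would not. The function names, the sample responses and the assumption that the header word is a substring search over all response headers are illustrative.

```python
import html
import json

BODY_WORD = '="confirm(document.domain)"> you cannot access your'  # from the description
HEADER_WORD = "text/html"
EXPECTED_STATUS = 200
ESCAPED_PREFIX = r"\u003d\u0022confirm(document.domain)"  # visible part of the preview


def decode_escaped(word):
    """Decode the JSON-style unicode escapes used in the module preview."""
    return json.loads('"' + word + '"')


def evaluate(status, headers, body):
    """Return each matcher's result and the AND-combined verdict."""
    # Assumption: the header word is a substring search over all header lines.
    header_blob = "\n".join(f"{k}: {v}" for k, v in headers.items()).lower()
    checks = {
        "status": status == EXPECTED_STATUS,
        "body_word": BODY_WORD in body,
        "header_word": HEADER_WORD in header_blob,
    }
    checks["match"] = all(checks.values())
    return checks


# Constructed responses (not captured traffic).
HTML_HEADERS = {"Content-Type": "text/html; charset=utf-8"}
RAW = f"<html><body>{BODY_WORD} resource</body></html>"
# Same reflection, but output-encoded by the server: quotes and '>' become entities.
ENCODED = f"<html><body>{html.escape(BODY_WORD)} resource</body></html>"

SAMPLES = {
    "raw_reflection": (200, HTML_HEADERS, RAW),
    "encoded_reflection": (200, HTML_HEADERS, ENCODED),
    "json_response": (200, {"Content-Type": "application/json"}, RAW),
    "error_page": (404, HTML_HEADERS, RAW),
}


def classify_all():
    """Map each constructed sample to the module's overall verdict."""
    return {name: evaluate(*resp)["match"] for name, resp in SAMPLES.items()}


if __name__ == "__main__":
    for name, resp in SAMPLES.items():
        print(name, evaluate(*resp))
```

Only the unencoded reflection served as HTML with status 200 is reported; an output-encoded reflection fails the body word, which is how a fixed deployment stops matching.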

The impact of this vulnerability can be severe, as it allows an attacker to inject malicious scripts into the affected web application, leading to potential data theft, session hijacking, or unauthorized actions.

Author: Unknown

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /siteminderagent/for.../siteminderagent/for...
Matching conditions
word: \u003d\u0022confirm(document.domain)\u00... and
word: text/html and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability