Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "ZendFramework 1.12.2 - Cross-Site Scripting" module is designed to detect a cross-site scripting vulnerability in ZendFramework versions up to 1.12.2. This vulnerability allows an attacker to inject malicious code into a web application, potentially compromising user data or executing unauthorized actions. The severity of this vulnerability is classified as medium.
This module was authored by c3l3si4n.
If exploited, the cross-site scripting vulnerability in ZendFramework 1.12.2 can lead to various security risks, including:
- Execution of arbitrary code on the affected web application - Theft of sensitive user information - Manipulation of user sessions - Defacement of web pagesThe "ZendFramework 1.12.2 - Cross-Site Scripting" module works by sending HTTP requests to specific paths in the target application. It then applies matching conditions to determine if the vulnerability is present. The module checks for the following conditions:
- The response body contains the string "\"redirection\"]", "\"param\"", or "If all of these conditions are met, the module reports a vulnerability.Here is an example of an HTTP request sent by the module:
GET /vendor/diablomedia/zendframework1-http/tests/Zend/Http/Client/_files/testRedirections.php?redirection=3¶m=<img/src=x%20onerror=alert(1)>
Please note that this is a simplified example and the module may perform additional checks and requests based on its configuration.