Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

ZendFramework 1.12.2 - Cross-Site Scripting

By kannthu

Vidoc logoVidoc Module

What is "ZendFramework 1.12.2 - Cross-Site Scripting?"

The "ZendFramework 1.12.2 - Cross-Site Scripting" module is designed to detect a cross-site scripting vulnerability in ZendFramework versions up to 1.12.2. This vulnerability allows an attacker to inject malicious code into a web application, potentially compromising user data or executing unauthorized actions. The severity of this vulnerability is classified as medium.

This module was authored by c3l3si4n.


If exploited, the cross-site scripting vulnerability in ZendFramework 1.12.2 can lead to various security risks, including:

- Execution of arbitrary code on the affected web application - Theft of sensitive user information - Manipulation of user sessions - Defacement of web pages

How the module works?

The "ZendFramework 1.12.2 - Cross-Site Scripting" module works by sending HTTP requests to specific paths in the target application. It then applies matching conditions to determine if the vulnerability is present. The module checks for the following conditions:

- The response body contains the string "\"redirection\"]", "\"param\"", or "If all of these conditions are met, the module reports a vulnerability.

Here is an example of an HTTP request sent by the module:

GET /vendor/diablomedia/zendframework1-http/tests/Zend/Http/Client/_files/testRedirections.php?redirection=3&param=<img/src=x%20onerror=alert(1)>

Please note that this is a simplified example and the module may perform additional checks and requests based on its configuration.

Module preview

Concurrent Requests (1)
1. HTTP Request template
Matching conditions
word: "redirection"], "param", <img/src=x oner...and
word: text/htmland
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability