DOM XSS TEMPLATE NOT WORKING #7186
Unanswered
oldDuDe124
asked this question in
Q&A
Replies: 1 comment 1 reply
-
|
@oldDuDe124 this is what you might be looking for - id: dom-xss
info:
name: DOM
author: hunter
severity: low
description: search for foo in DOM
headless:
- steps:
- args:
url: "{{BaseURL}}"
action: navigate
- action: waitload
- action: script
name: dom
args:
code: |
() => {
var alerts = [];
var nodes = document.evaluate('//*[contains(text(),"foo")]',
document, null, XPathResult.ANY_TYPE, null);
var result = nodes.iterateNext();
while(result) {
alerts.push({sink: 'DOM', source: result.parentNode.nodeName, code: result.parentNode.outerHTML});
result = nodes.iterateNext();
}
return alerts;
}
matchers:
- type: word
part: dom
words:
- "sink:"Things were missing in the original template.
|
Beta Was this translation helpful? Give feedback.
1 reply
-
|
thank you so much!! , i know this is silly to ask these types of questions but i am stuck with another problem here.... var nodes = document.evaluate('//*[contains(text(),"foo"")]', i wanna check if double quotes are reflected in the DOM.... |
Beta Was this translation helpful? Give feedback.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
hi!
although i'm a total noob in writing nuclei templates in headless mode , i've made a simple template (with the help of one of your DOM XSS templates in the origin repository) for checking the reflection of <oo in the given DOM , but it doesn't seem to be working when i pass it a url that foo is reflected in the DOM .
the template is fine and there is not any syntax errors in it , but it's just not able to find he reflection in the DOM , here is template:
i will be so glad if you can guide me here..... i don't know what i'm doing wrong.........
Beta Was this translation helpful? Give feedback.
All reactions