Multiple XSS - False positive #5405

Open
12 of 24 tasks
ehsandeep opened this issue Sep 17, 2022 · 0 comments
Assignees
Labels
defcon31 false-positive Nuclei template reporting invalid/unexpected result Priority: High After critical issues are fixed, these should be dealt with before any further issues.

Comments


ehsandeep commented Sep 17, 2022

We have compiled a collection of XSS templates that include XSS payloads as matchers. However, we have observed that on numerous hosts, the XSS payload is reflected on the endpoint but in a different context, making it ineffective in executing XSS attacks and resulting in false positive results.

To address this issue, we need to modify these templates by incorporating a distinctive string obtained from the endpoint where the XSS payload is reflected. This addition will help us avoid false positives by ensuring that the unique string is present on the vulnerable software or endpoint. We can also add a string either before or after the XSS payload. You can refer to the following example: CVE-2022-24899

In this case, we have added an extra string, "Not authenticated", which will serve as a distinctive identifier specific to this particular endpoint and Contao. This addition ensures that it would only match on vulnerable Contao hosts, preventing any unintended matches on other hosts.

Nuclei Version:

master

Template file:

  • http/cves/2021/CVE-2021-39320.yaml
  • http/cves/2021/CVE-2021-41878.yaml
  • http/cves/2022/CVE-2022-31373.yaml
  • http/cves/2006/CVE-2006-1681.yaml
  • http/cves/2007/CVE-2007-5728.yaml
  • http/cves/2011/CVE-2011-4618.yaml
  • http/cves/2018/CVE-2018-5316.yaml
  • http/cves/2018/CVE-2018-5233.yaml
  • http/cves/2020/CVE-2020-2036.yaml
  • http/cves/2020/CVE-2020-2096.yaml
  • http/cves/2020/CVE-2020-11930.yaml
  • http/cves/2020/CVE-2020-19295.yaml
  • http/cves/2020/CVE-2020-28351.yaml
  • http/cves/2021/CVE-2021-35265.yaml
  • http/cves/2014/CVE-2014-9608.yaml
  • http/cves/2021/CVE-2021-26475.yaml
  • http/cves/2019/CVE-2019-0221.yaml
  • http/cves/2013/CVE-2013-4625.yaml
  • http/cves/2021/CVE-2021-30049.yaml
  • http/cves/2016/CVE-2016-1000127.yaml
  • http/cves/2021/CVE-2021-38702.yaml
  • http/vulnerabilities/oracle/oracle-ebs-xss.yaml
  • http/vulnerabilities/other/nginx-module-vts-xss.yaml
  • http/vulnerabilities/wordpress/wp-socialfit-xss.yaml

Command to reproduce:

cat template_list.txt

http/cves/2021/CVE-2021-41878.yaml
http/cves/2014/CVE-2014-9608.yaml
http/cves/2020/CVE-2020-11930.yaml
http/cves/2021/CVE-2021-39320.yaml
http/cves/2020/CVE-2020-2036.yaml
http/cves/2020/CVE-2020-2096.yaml
http/cves/2020/CVE-2020-19295.yaml
http/cves/2021/CVE-2021-35265.yaml
http/cves/2020/CVE-2020-28351.yaml
http/cves/2006/CVE-2006-1681.yaml
http/cves/2022/CVE-2022-31373.yaml
http/cves/2007/CVE-2007-5728.yaml
http/cves/2018/CVE-2018-5233.yaml
http/cves/2011/CVE-2011-4618.yaml
http/cves/2018/CVE-2018-5233.yaml
vulnerabilities/other/nginx-module-vts-xss.yaml
vulnerabilities/oracle/oracle-ebs-xss.yaml
nuclei -t template_list.txt -u http://hydass.be
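The matcher change proposed above, as an added illustrative template (not the actual CVE-2022-24899 template and not code from the nuclei-templates project). The template id, request path and payload are placeholders; the fingerprint string "Not authenticated" is reused from the issue only as an example, and the `http`, `matchers-condition`, `word` and `status` keys are standard nuclei template syntax.

```yaml
# Illustrative nuclei template (hypothetical id and path) showing the tightened matcher set.
id: example-reflected-xss-fp-hardened

info:
  name: Example Reflected XSS (fingerprinted matcher)
  author: example
  severity: medium
  description: |
    Hypothetical template. The weak version of this check matched only
    the reflected payload; this version also requires a string unique
    to the affected endpoint and an HTML content type.

http:
  - method: GET
    path:
      # Placeholder endpoint; the real path depends on the product being tested.
      - "{{BaseURL}}/example/search?q=%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E"

    # All matchers must hit, so a host that merely echoes the payload
    # in some other context (JSON body, error page, log viewer) no longer matches.
    matchers-condition: and
    matchers:
      # 1. The payload is reflected unencoded (in the weak template this was the sole matcher).
      - type: word
        part: body
        words:
          - "<script>alert(document.domain)</script>"

      # 2. Fingerprint string specific to the vulnerable endpoint or software.
      #    "Not authenticated" is the example string cited in this issue for the
      #    Contao template; use whatever the affected page really emits.
      - type: word
        part: body
        words:
          - "Not authenticated"

      # 3. Response is served as HTML; a reflection inside an
      #    application/json body is not an executable XSS context.
      - type: word
        part: header
        words:
          - "text/html"

      - type: status
        status:
          - 200
```

Before relying on the fingerprint, confirm it is absent from the non-vulnerable hosts that previously triggered the template, otherwise the extra matcher adds nothing.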
@ehsandeep ehsandeep added the false-positive Nuclei template reporting invalid/unexpected result label Sep 17, 2022
@princechaddha princechaddha added the Priority: High After critical issues are fixed, these should be dealt with before any further issues. label Sep 22, 2022
@projectdiscovery projectdiscovery deleted a comment from akincibor Nov 9, 2022
This was referenced Jul 7, 2023