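# Profile for generic cross-site scripting (XSS) cases, selected by keyword.
profile_id: xss-generic

# Keywords that select this profile; the matching semantics (case, substring
# vs. whole word) are defined by the consumer and are not visible here.
match_rules:
  keywords:
    - xss
    - cross-site scripting
    - dom xss
    - trusted types

vuln_family: xss
provisioning_mode: synthetic
artifact_source:
  strategy: official-image-or-synthetic
required_services:
  - app

seed_actions:
  - kind: note
    message: Seed a low-privilege user and a review page when the target supports stored content.

# Listed before attack_actions; presumably captured as a reference response
# for comparison - confirm against the runner.
baseline_actions:
  - kind: http-get
    path: /

attack_actions:
  - kind: tool
    tool: xss-fuzzer
    # One list element per argument; the {placeholders} are filled in by the
    # consumer. NOTE(review): confirm the runner hands this list to the tool
    # as an argv array and never joins it into a shell string, since
    # {target_url} is a substituted value.
    args:
      - "-u"
      - "{target_url}"
      - "--dom-scan"
      - "--check-csp"
      - "--evidence-dir"
      - "{evidence_dir}"
      - "--run-id"
      - "{run_id}"
      - "--case-id"
      - "{case_id}"

browser_assertions:
  required: true
  strategy: reflect-or-render
success_criteria:
  - Browser evidence confirms payload reflection or DOM sink execution path.

cleanup_policy: destroy
destructive_risk: low

# NOTE(review): lab-public and authorized-third-party reach beyond a local
# lab. Confirm the runner requires a recorded authorization and scope for
# these target types before attack_actions run; this profile does not
# express that check itself.
allowed_target_types:
  - lab-local
  - lab-public
  - authorized-third-party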