M4cs / traxss

traxss | Automated XSS Vulnerability Scanner Currently In Development :snake: HACKTOBERFEST PROJECT 2019
MIT License
178 stars 49 forks

Add reflective scanning for XSS injection. #13

Open M4cs opened 5 years ago

M4cs commented 5 years ago

We need a way to check for vulnerabilities other than alerts. If a payload injects a bold tag with no closing tag, we need to make sure that the webpage has bold text following where it shouldn't.

Should we add a templating system? You can feed the source of the page normally and then parse through that? @TotallyNotChase what do you think?

Chr0nicT commented 5 years ago

Copy the source of the page. Inject. Diff the source.

Has it changed?

I’m on it, btw.

M4cs commented 5 years ago

No, you're not being assigned this. I want @TotallyNotChase's opinion first and to see his changes/improvements.

TotallyNotChase commented 5 years ago

@Chr0nicT I think that's a nice and simple solution but shouldn't we worry about the page being changed other than the bold tag? Submitting a form, for example, can also change the page source whether or not the reflective scanning works.

So I guess we'll have to check through the diff for exactly what we want with this. I think chronic should on this if he wants @M4cs
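Added example, not part of the thread and not traxss code: one way to do the targeted check discussed above, looking only for the injected unclosed bold tag as a parsed element instead of diffing the whole page, so unrelated changes such as a form-submission banner are ignored. The marker token, function names and sample pages are constructed for illustration.

```python
from html import escape
from html.parser import HTMLParser

MARKER = "trx9f3k"            # constructed unique token (assumption)
PAYLOAD = f"<b>{MARKER}"      # unclosed bold tag, as described in the issue


class MarkerFinder(HTMLParser):
    """Counts <b> start tags whose first following text begins with MARKER."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hits = 0
        self._after_b = False

    def handle_starttag(self, tag, attrs):
        self._after_b = (tag == "b")

    def handle_endtag(self, tag):
        self._after_b = False

    def handle_data(self, data):
        # Escaped payloads, script bodies and attribute values never reach
        # this branch, because the parser saw no real <b> element before them.
        if self._after_b and data.lstrip().startswith(MARKER):
            self.hits += 1
        self._after_b = False


def live_tag_hits(html):
    finder = MarkerFinder()
    finder.feed(html)
    finder.close()  # flush buffered text
    return finder.hits


def classify(baseline_html, injected_html):
    """'rendered' = marker parsed as markup, 'inert' = echoed as text only,
    'absent' = not echoed at all. Baseline hits are subtracted first."""
    if live_tag_hits(injected_html) - live_tag_hits(baseline_html) > 0:
        return "rendered"
    return "inert" if MARKER in injected_html else "absent"


# Constructed sample responses; the banner is an unrelated page change.
PAGE = "<html><body>{flash}<form><input name='q'></form><p>Results for: {echo}</p></body></html>"
BASELINE = PAGE.format(flash="", echo="")
VULNERABLE = PAGE.format(flash="<div>Form submitted</div>", echo=PAYLOAD)
ESCAPED = PAGE.format(flash="<div>Form submitted</div>", echo=escape(PAYLOAD))
UNRELATED = PAGE.format(flash="<div>Form submitted</div>", echo="")
```
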

TotallyNotChase commented 5 years ago

As a sidenote, could someone link me a website/source that is vulnerable to this exploit? I'd love to see whether there are other ways of doing this :D

S03HT3T commented 5 years ago

[Screenshot from 2019-10-12 22-07-42]

Why?????

TotallyNotChase commented 5 years ago

Could you post the error itself, need to scroll down a bit from there @S03HT3T