elkokc / reflector

Burp plugin able to find reflected XSS on page in real-time while browsing on site

Better severity rating #20

Open shelld3v opened 3 years ago

shelld3v commented 3 years ago

My Burp is getting flooded by shitty false positives, so I submitted this. Feel free to ask me for adjustments.

shelld3v commented 3 years ago

Also, how can reflections in headers be a possible XSS?

elkokc commented 3 years ago

First of all, thank you for using our plugin after all this time. Technologies are rapidly evolving, but bugs remain. I think "XSS in Headers" in this case is related to CRLF injection. There are many cases and various techniques where a user can leverage this type of vulnerability in order to escalate it to XSS or use it for web cache poisoning. I agree with you that these days one hardly ever faces CRLF injection, but who knows? Thank you for your pull request. Wouldn't it be better to make this option adjustable? In that case the user could easily switch, depending on their needs.

shelld3v commented 3 years ago

I just only changed the "XSS in header" severity to "Unlikely", didn't remove it.

> Wouldn't it be better to make this option adjustable? In that case the user could easily switch, depending on their needs.

I don't have much time or the skills to do that! Can you do it?
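As an added example (not code from the reflector plugin or from either commenter), the severity logic the thread argues for, in Python: a body reflection is rated by which special characters survive the round trip, and a header reflection is rated Unlikely unless the probe's CRLF actually split the header, which is the CRLF injection case elkokc describes. The marker strings, the probe layout and the sample responses are constructed for this example.

```python
"""Severity for reflected input, by where the probe landed (added example)."""
from typing import Tuple

# Constructed probe: marker, the characters whose survival we test, a CRLF
# pair, and a second marker so the echoed region has a known end.
MARKER, MARKER2 = "zq9x", "zq9y"
BODY_CHARS = "<>\"'"
PROBE = MARKER + BODY_CHARS + "\r\n" + MARKER2


def rate_reflection(raw: bytes) -> Tuple[str, str]:
    """Return (location, severity) for one raw HTTP response to PROBE.
    location: "body", "header" or "none"; severity: "Likely", "Possible"
    or "Unlikely" (the scale the issue uses)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    head_s = head.decode("latin-1")
    body_s = body.decode("utf-8", "replace")

    if MARKER in body_s:
        # Body reflection: rate by which special characters survived between
        # the two markers (encoded output such as &lt; counts as stripped).
        start = body_s.index(MARKER) + len(MARKER)
        end = body_s.find(MARKER2, start)
        echoed = body_s[start:end if end != -1 else None]
        survived = [c for c in BODY_CHARS if c in echoed]
        if "<" in survived and ">" in survived:
            return "body", "Likely"    # a tag can be opened
        if survived:
            return "body", "Possible"  # only quotes survived
        return "body", "Unlikely"      # everything encoded or removed

    if MARKER in head_s:
        # Header reflection: only a surviving CRLF (MARKER2 now starts its own
        # header line) is the CRLF injection case; otherwise rate it Unlikely.
        if any(line.startswith(MARKER2) for line in head_s.split("\r\n")):
            return "header", "Likely"
        return "header", "Unlikely"

    return "none", "Unlikely"


# Constructed sample responses, one per case the thread discusses.
BODY_RAW = b'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<p>zq9x<>"\'\r\nzq9y</p>'
BODY_ENCODED = b"HTTP/1.1 200 OK\r\n\r\n<p>zq9x&lt;&gt;&quot;&#39;\r\nzq9y</p>"
HEADER_ENCODED = b"HTTP/1.1 302 Found\r\nLocation: /n?q=zq9x%3C%3E%22%27%0d%0azq9y\r\n\r\n"
HEADER_SPLIT = b'HTTP/1.1 302 Found\r\nLocation: /n?q=zq9x<>"\'\r\nzq9y\r\n\r\n'
```

Running `rate_reflection` over the four samples gives Likely, Unlikely, Unlikely and Likely respectively; the header cases only differ in whether the CRLF survived.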