Sucuri - Githubissues

epsylon / xsser

Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.

https://xsser.03c8.net

1.21k stars 240 forks source link

Sucuri #44

Closed toptuto closed 5 years ago

toptuto commented 5 years ago

Hello, can you bypass the Sucuri WFA ?

epsylon commented 5 years ago

@toptuto I think so! But it's not implemented as a feature on latest release. So, you need to inject "magic code" by using '--Fp' or '--payload' options. You have some examples for bypasses here:

https://hax0rzone.blogspot.com/2015/04/sucuri-waf-xss-filter-bypass.html

epsylon commented 5 years ago

@toptuto A Sucuri WAF bypasser has been added to latest release: https://github.com/epsylon/xsser/commit/04a498e6a7e3cc0fea38a5d9172c7a04f136c4bc