epsylon / xsser

Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.
https://xsser.03c8.net

Reverse-check is not executed for some reason #60

Closed geople closed 4 years ago

geople commented 4 years ago

The Reverse-check step is not executed for some reason after finding a possible XSS vector, XSSer version 1.8.3.

To Reproduce:

```
python3 xsser --auto -u "http://testphp.vulnweb.com/search.php?test=query" -p "searchFor=XSS&goButton=go" --reverse-check
```

The script finished like this:

```
[*] Final Results:

[*] List of XSS injections:
-> CONGRATULATIONS: You have found: [ 1287 ] possible XSS vectors! ;-)
[Info] Aborting large screen output. Generating auto-report at: [ XSSreport.raw ] ;-)
```

epsylon commented 4 years ago

You probably haven't correctly closed your previous sockets from other tests. It can happen sometimes. Take a look at your processes and kill all of them (e.g. gecko driver, firefox -marionette...) before starting a new one. Also, try to --delay it a bit... (e.g. --delay 5)

epsylon commented 4 years ago

This patch should fix this "socket" issue: https://github.com/epsylon/xsser/commit/d22ef5b8f80293627dbfd1b28730e727706cb360 Thanks @geople for your report ;-)