epsylon
commented
8 years ago Hi, Do you think that is a problem of the tool?.
Maybe you should try to use a transparent proxy (ex: burp) to see whats going on exactly with your requests.. By the way, I don't see how can be exploited a script with the PoC that you provided...
Hello,
I know, that site vulnerable with next xss (full URL with payload):
https://www.site.com/?xy6da"-alert('HACKED')-"u5lxn=1
But I can reproduce this XSS only in IE after I turned off internal XSS protection. I plan to exploit and create encoded POC of thi XSS with xsser latest version 1.7 inside kali, but seems I doing something wrong, xsser can't find/detect this xss.
Can you please advice right options?
Thank you, Dmitry