Closed ghsec closed 4 years ago
Hi @ghsec, thank you for a good idea. I am of the same opinion. I'm thinking of an option to specify an inject point to test, but if you have anything to add, please let me know.
- params
- cookie
- path
- user-agent
For Cookie and UA, I am thinking about integrating them into the header. But the header may have the potential to induce malfunctions.
And need to add XSS payloads in JS function.
I will try to edit and test this locally.
However, I will develop the path (and JS function) testing first. It needs some structural changes to support all the inject points. I'll leave a comment when I'm done.
I always welcome pull requests :)
Ok, thanks.
Hi @ghsec, as I was thinking about the plan, I have a question. Is it true that what you said was the addition of an XSS case that works inside the JS? Let me know if I got it wrong!
e.g.
```js
// [test param on request ]: '+alert(45);//
// [ response ]
var a = 'test'+alert(45);//';
```
If the above content is correct, I think it would be better to add a payload, and Selenium detection would be less misleading than Reflected detection. (It was just a memo for me.)
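The in-JS case discussed above, as an added example that is not part of the thread and not XSpear's code: it tracks JavaScript string state inside `<script>` blocks so that a raw quote closing the literal is told apart from an escaped or HTML-encoded one. The names `js_state_at` and `classify_reflection` and the sample responses are assumptions constructed for this example.

```ruby
# Added example; hypothetical names, not XSpear's API. Regex literals and
# template `${}` expressions are not modelled by this small lexer.
QUOTES = { sq: "'", dq: '"', tpl: '`' }.freeze

# Lexer state of JavaScript source `js` just before offset `stop`.
def js_state_at(js, stop)
  state = :code
  i = 0
  while i < stop
    c = js[i]
    two = js[i, 2]
    case state
    when :code
      if QUOTES.value?(c) then state = QUOTES.key(c)
      elsif two == '//' then state = :line_comment; i += 1
      elsif two == '/*' then state = :block_comment; i += 1
      end
    when :sq, :dq, :tpl
      if c == '\\' then i += 1                 # skip the escaped character
      elsif c == QUOTES[state] then state = :code
      elsif c == "\n" && state != :tpl then state = :code # unterminated literal
      end
    when :line_comment
      state = :code if c == "\n"
    when :block_comment
      if two == '*/' then state = :code; i += 1 end
    end
    i += 1
  end
  state
end

# Classify how the raw `probe` sent in the request appears in response `body`.
def classify_reflection(body, probe)
  return :not_reflected_raw unless body.include?(probe)
  body.scan(%r{<script\b[^>]*>(.*?)</script>}mi).flatten.each do |js|
    pos = js.index(probe) or next
    before = js_state_at(js, pos)
    after = js_state_at(js, pos + 1) # state once the probe's first char is read
    return before == :code ? :js_code : :js_comment unless QUOTES.key?(before)
    return after == :code ? :js_string_breakout : :js_string_contained
  end
  :outside_script
end

# Constructed responses for the probe quoted in the thread: '+alert(45);//
PROBE = "'+alert(45);//"
RAW     = "<script>var a = 'test'+alert(45);//';</script>"
ESCAPED = "<script>var a = 'test\\'+alert(45);//';</script>"
puts classify_reflection(RAW, PROBE), classify_reflection(ESCAPED, PROBE)
```

A plain substring match reports both sample responses as reflected; only the state check shows that the backslash-escaped one stays inside the string literal.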
@hahwul sorry, I don't know Ruby well, but it is the right way: keyword'-alert(45)-' keyword for search reflection, and you can build regexes for detecting XSS payloads.
@hahwul we can change ideas on Twitter: [@GochaOqradze](https://twitter.com/GochaOqradze)
@ghsec I understood it. I also knew the need to add this skill (in-js) because it is used a lot. Thank you for your opinion! Maybe next January at the latest, v1.3 with that feature will be released! Thank you very much.
Hi @ghsec, version 1.3 with path scan and in-js scan is released. Maybe I need to add more patterns. If you need a bug or a pattern, please leave a comment. Thank you very much for your good opinion. Happy New Year!
$ gem update XSpear
Sometimes need to check XSS in path.