Closed sk3lk0 closed 4 years ago
You can run DVWA using this command: docker run -it -p 80:80 vulnerables/web-dvwa, then go to localhost:80
Hi @sk3lk0,
Thank you for the issue. When I look at your scanning log, it's not a reflected parameter (name).
But I'll test it and write back to you.
If it is a reflected param and it is not recognized properly, it is considered a bug.
For testing all params, you can ignore whether or not the parameter is reflected (-a option).
e.g.
$ xspear -u "http://localhost/vulnerabilities/xss_r/?name=" -a
@sk3lk0 You should add a cookie while scanning.
@sk3lk0 I checked it again just in case. As @cihanmehmet said, it happened because there was no authentication information. It's possible if you add some cookies. (--cookie, --headers option)
--headers=HEADERS [optional] Add HTTP Headers
--cookie=COOKIE [optional] Add Cookie
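
A pre-flight check for the situation described in this thread, as an added example that is not part of the original issue or of XSpear's code: it sends a harmless alphanumeric marker with and without a cookie and reports whether the response reflects it or redirects instead. The stub server, the session=ok cookie, the /login redirect and all function names are constructed for illustration; the assumption is that the target answers unauthenticated requests with a redirect to a login page.

```python
import http.server, threading, uuid, urllib.error, urllib.parse, urllib.request

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # surface the 3xx instead of silently following it

def probe_reflection(url, param, cookie=None):
    """Return 'reflected', 'not-reflected' or 'redirect:<Location>'."""
    marker = "probe" + uuid.uuid4().hex[:8]  # harmless alphanumeric marker
    parts = urllib.parse.urlsplit(url)
    query = dict(urllib.parse.parse_qsl(parts.query, keep_blank_values=True))
    query[param] = marker
    target = parts._replace(query=urllib.parse.urlencode(query)).geturl()
    req = urllib.request.Request(target, headers={"Cookie": cookie} if cookie else {})
    # Empty ProxyHandler: ignore proxy environment variables for the local lab.
    opener = urllib.request.build_opener(_NoRedirect, urllib.request.ProxyHandler({}))
    try:
        with opener.open(req, timeout=5) as resp:
            body = resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        if 300 <= err.code < 400:
            return "redirect:" + err.headers.get("Location", "")
        raise
    return "reflected" if marker in body else "not-reflected"

class _StubApp(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for a login-gated lab page that echoes ?name=."""
    def do_GET(self):
        authed = "session=ok" in self.headers.get("Cookie", "")
        qs = urllib.parse.parse_qs(urllib.parse.urlsplit(self.path).query)
        body = ("Hello " + qs.get("name", [""])[0]).encode() if authed else b""
        self.send_response(200 if authed else 302)
        if not authed:
            self.send_header("Location", "/login")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args):
        pass  # keep the demo output quiet

def start_stub():
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), _StubApp)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, "http://127.0.0.1:%d/xss_r/?name=x" % srv.server_address[1]

if __name__ == "__main__":
    srv, url = start_stub()
    print("no cookie  :", probe_reflection(url, "name"))
    print("with cookie:", probe_reflection(url, "name", "session=ok"))
    srv.shutdown()
```

A redirect result without the cookie and a reflected result with it means the scanner needs the session passed through --cookie or --headers before its reflection check can see the parameter.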
I'm trying to use XSpear on DVWA (Damn Vulnerable Web Application), but it's not working. XSpear 1.3.1 (Ubuntu)