hahwul / dalfox

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
https://dalfox.hahwul.com
MIT License

Open redirect not shown in --silence mode #267

Closed leorac closed 2 years ago

leorac commented 2 years ago

Describe the bug

Normally I use dalfox in silence mode, so with great surprise I realized today that dalfox is able to recognize ORs, but they are not shown in --silence mode.

How to reproduce:

1. Try launching dalfox url "https://adserving.unibet.com/redirect.aspx?pid=100399&redirectURL=https://www.google.com" and notice how it recognizes the OR.
2. Try launching with --silence mode.

hahwul commented 2 years ago

Hi @leorac. First, thank you for submitting the issue! I checked the problem and fixed it right away. If there's any problem, please reopen! It will be included in the v2.4.9 release.

Update with source

$ git clone https://github.com/hahwul/dalfox
$ cd dalfox
$ go build
$ ./dalfox 

or 

$ go install
$ ~/go/bin/dalfox

My Test case

$ ./dalfox url https://adserving.unibet.com/redirect.aspx\?pid\=100399\&redirectURL\=a --silence
[POC][G][OpenRedirect/GET] https://adserving.unibet.com/redirect.aspx?pid=100399&redirectURL=https%3A%2F%2Fwww.google.com%2F%252e%252e%252f
[POC][G][OpenRedirect/GET] https://adserving.unibet.com/redirect.aspx?pid=100399&redirectURL=https%3A%2F%2Fgoogle.com%2F%252f..
[POC][G][OpenRedirect/GET] https://adserving.unibet.com/redirect.aspx?pid=100399&redirectURL=https%3A%2F%2Fgoogle.com
[POC][G][OpenRedirect/GET] https://adserving.unibet.com/redirect.aspx?pid=100399&redirectURL=https%3A%2F%2Fgoogle.com%2F%2F
[POC][G][OpenRedirect/GET] https://adserving.unibet.com/redirect.aspx?pid=100399&redirectURL=https%3A%2F%2Fwww.google.com%2F%252f%252e%252e
[POC][G][OpenRedirect/GET] https://adserving.unibet.com/redirect.aspx?pid=100399&redirectURL=https%3A%2F%2Fgoogle.com%2F
[POC][G][OpenRedirect/GET] https://adserving.unibet.com/redirect.aspx?pid=100399&redirectURL=https%3A%2F%2Fgoogle.com
[POC][G][OpenRedirect/GET] https://adserving.unibet.com/redirect.aspx?pid=100399&redirectURL=https%3A%2F%2Fgoogle.com%2F%2F
[POC][G][OpenRedirect/GET] https://adserving.unibet.com/redirect.aspx?pid=100399&redirectURL=https%3A%2F%2Fgoogle.com%2F

leorac commented 2 years ago

Sorry @hahwul, but I've tried with the git version as you said, but with your test case and with mine there doesn't look to be any kind of difference (no result). Am I doing something wrong?
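
For triaging output like the test case above, this Go sketch de-duplicates repeated PoC lines and decodes the injected parameter once, so the value the redirect handler actually receives can be checked against an allowlist. It is an added example, not part of the thread or of dalfox's code; the sample host and the names `ParsePOC`, `Finding` and `Param` are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
)

// Constructed sample in the output format shown above; the host is a placeholder.
const sample = `$ ./dalfox url https://app.example/r?redirectURL=a --silence
[POC][G][OpenRedirect/GET] https://app.example/r?redirectURL=https%3A%2F%2Fgoogle.com
[POC][G][OpenRedirect/GET] https://app.example/r?redirectURL=https%3A%2F%2Fgoogle.com%2F%252f..
[POC][G][OpenRedirect/GET] https://app.example/r?redirectURL=https%3A%2F%2Fgoogle.com`

type Finding struct {
	Kind, Method, URL string // e.g. "OpenRedirect", "GET", the PoC URL
	Count             int    // how many times this exact line was printed
}

// Matches "[POC][G][OpenRedirect/GET] <url>"; any other line is ignored.
var pocLine = regexp.MustCompile(`(?m)^\[POC\]\[[A-Z]\]\[([^/\]]+)/([A-Z]+)\][ \t]+(\S+)`)

// ParsePOC returns unique findings in first-seen order and counts repeats.
func ParsePOC(output string) (out []Finding) {
	seen := map[string]int{}
	for _, m := range pocLine.FindAllStringSubmatch(output, -1) {
		i, ok := seen[m[0]]
		if !ok {
			i = len(out)
			seen[m[0]] = i
			out = append(out, Finding{Kind: m[1], Method: m[2], URL: m[3]})
		}
		out[i].Count++
	}
	return out
}

// Param decodes one layer of URL encoding; double-encoded parts stay as %xx.
func (f Finding) Param(name string) string {
	u, err := url.Parse(f.URL)
	if err != nil {
		return ""
	}
	return u.Query().Get(name)
}

func main() {
	fmt.Printf("%+v\n", ParsePOC(sample))
}
```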