hahwul / dalfox

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
https://dalfox.hahwul.com
MIT License
3.75k stars 418 forks

Grep bug? #325

Closed hahwul closed 2 years ago

hahwul commented 2 years ago

Hello! Why has the grep PoC become [POC][G][GET][GREP] instead of the specific type of finding it gets? I thought that was because of silent mode, but it looks like it prints this kind of result even without the silent flag. (from Leo Rac)

hahwul commented 2 years ago

checked

[POC][G][GET][GREP] http://testphp.vulnweb.com/listproducts.php?cat=%7B%7B444%2A6664%7D%7D

poc object (built-in or custom)

poc := model.PoC{
    Type:       "G",
    InjectType: "GREP",
    Method:     "GET",
    Data:       req.URL.String(),
    Param:      "",
    Payload:    payload,
    Evidence:   "",
    CWE:        "",
}

printing

pocs := "[" + poc.Type + "][" + poc.Method + "][" + poc.InjectType + "] " + poc.Data

other

poc := model.PoC{
    Type:       "G",
    InjectType: "BAV/SSTI",
    Method:     "GET",
    Data:       req.URL.String(),
    Param:      "",
    Payload:    payload,
    Evidence:   "",
    CWE:        "CWE-94",
}

hahwul commented 2 years ago

Change InjectType in Grepping

Test

[G] Found dalfox-error-mysql via built-in grepping / payload: DalFox
    Warning: mysql_fetch_array() expects parameter 1 to be resource, null given in /hj/var/www/listproducts.php on line 74
[POC][G][GET][BUILTIN] http://testphp.vulnweb.com/listproducts.php?pleasedonthaveanamelikethis_plz_plz=DalFox
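As an added illustration of the PoC construction and printing discussed in the comments above and of the fix (InjectType naming the grep source instead of the generic "GREP"), the following Go program is not dalfox's own code: it mirrors the quoted model.PoC fields, builds the grep finding with "BUILTIN" (or, as an assumed label for user-supplied patterns, "CUSTOM"), and also parses a printed PoC line back into fields the way a triage script consuming dalfox output would.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// PoC mirrors the fields of dalfox's model.PoC quoted in the issue.
// Added illustration, not the project's own code.
type PoC struct {
	Type, InjectType, Method, Data, Param, Payload, Evidence, CWE string
}

// NewGrepPoC builds a grep finding whose InjectType names the grep source
// ("BUILTIN" or "CUSTOM") rather than the generic "GREP" the issue reports.
// Assumption: "CUSTOM" is the label used for user-supplied grep patterns.
func NewGrepPoC(builtin bool, method, rawURL, payload string) PoC {
	inject := "CUSTOM"
	if builtin {
		inject = "BUILTIN"
	}
	return PoC{Type: "G", InjectType: inject, Method: method, Data: rawURL, Payload: payload}
}

// FormatPoC produces the "[POC][type][method][inject] url" line as printed
// in the issue (the "[POC]" prefix is added here to give the full line).
func FormatPoC(p PoC) string {
	return "[POC][" + p.Type + "][" + p.Method + "][" + p.InjectType + "] " + p.Data
}

// pocLine matches a printed PoC line; InjectType may contain "/" (e.g. BAV/SSTI).
var pocLine = regexp.MustCompile(`^\[POC\]\[([A-Z]+)\]\[([A-Z]+)\]\[([A-Z/]+)\] (\S+)$`)

// ParsePoCLine reads a printed line back into its fields, which is what a
// triage script consuming dalfox output needs in order to route findings.
func ParsePoCLine(line string) (PoC, bool) {
	m := pocLine.FindStringSubmatch(strings.TrimSpace(line))
	if m == nil {
		return PoC{}, false
	}
	return PoC{Type: m[1], Method: m[2], InjectType: m[3], Data: m[4]}, true
}

func main() {
	// Constructed sample: the built-in mysql-error grep hit from the issue's test run.
	p := NewGrepPoC(true, "GET", "http://testphp.vulnweb.com/listproducts.php?x=DalFox", "DalFox")
	fmt.Println(FormatPoC(p))
}
```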