Open SergejFrank4242 opened 2 years ago
Hi @SergejFrank4242 Thank you for submitting the issue!
First of all, it is normal to detect the pattern from Injected Attribute, but it is a pity that it could not be detected. I think we need to know the cause. Is it possible to share the log for this part?
Dalfox may not detect it if the Reflection is not found or the Reflection has an Invalid Badchar pattern.
[I] Reflected email param => PTYPE: URL Injected: /inATTR-double(1) { ; ` : + $ - , [ } = ) ] . \ ( | 901 line: me="email" value="DalFox"placeholder="E-Mail" /><
It looks like dalfox does not detect that " would be allowed.
@SergejFrank4242
From the log alone, I think dalfox decided there's no ".
I think this is a bug, I'll check it 🚀
Describe the bug
Hey there! First of all, thanks for this great tool.
When testing dalfox against a known XSS vulnerability within an input field, the scan unfortunately returned no result.
Known Working Payload
Am I doing something wrong? Or why is dalfox not finding this for me :(
Environment