hahwul / dalfox

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
https://dalfox.hahwul.com
MIT License

false positive? #441

Open sircat88 opened 1 year ago

sircat88 commented 1 year ago

What am I missing here, @hahwul? Dalfox doesn't throw too many false positives. I am getting verified XSS but it does not execute:

[V] Triggered XSS Payload (found DOM Object): redirecturl=

But when I go to the link it does not execute, so am I missing something here? Would love your input on this.

hahwul commented 1 year ago

Hi @sircat88, is there an example or sample of the payload? In the case of Verify ([V]), it is logged when found with a DOM Object or when the alert is checked by the headless browser. I think we need to know exactly when the problem occurred.