Open ocervell opened 1 year ago
Hi @ocervell Dalfox does not output R type if the vulnerability is identified as V type. Looking at the information you sent, it seems that all V types are included.
The reason why the R type is not printed when checking with V type is to prevent indiscriminate R output. Sometimes, Although it is a V type, the R output is caused by fast concurrency processing.
Describe the bug
I've been running
dalfox
on the same URL over and over again, here are the results:As you can see, the reflected XSS does not show up across all the runs. Any ideas why ?
Environment