Open darshanpjpt opened 1 year ago
raw-request-file:
POST /search.php?test=query HTTP/1.1
Host: testphp.vulnweb.com
Content-Length: 26
Cache-Control: max-age=0
Custom-Head-X: demo
Upgrade-Insecure-Requests: 1
Origin: http://testphp.vulnweb.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.178 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Referer: http://testphp.vulnweb.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Connection: close

searchFor=demo&goButton=go
Dalfox Command:
dalfox file --rawdata dalfox-req.txt --poc-type=http-request -o output.json --format json --only-poc=v --output-request --http
The output will contain the following items but not raw_request:
{
  "type": "V",
  "inject_type": "inHTML-none(1)-FORM",
  "poc_type": "http-request",
  "method": "POST",
  "data": "http://testphp.vulnweb.com/search.php?test=query -d goButton=go&searchFor=demo%3Ciframe+srcdoc%3D%22%3Cinput+onauxclick%3Dconfirm%281%29%3E%22+class%3Ddalfox%3E%3C%2Fiframe%3E",
  "param": "searchFor",
  "payload": "<iframe srcdoc=\"<input onauxclick=confirm(1)>\" class=dalfox></iframe>",
  "evidence": "49 line: '>searched for: demo<iframe srcdoc=\"<input onauxclick=confirm(1)>\" class=dalfox>",
  "cwe": "CWE-79",
  "severity": "High",
  "message_id": 1544,
  "message_str": "Triggered XSS Payload (found DOM Object): searchFor=<iframe srcdoc=\"<input onauxclick=confirm(1)>\" class=dalfox></iframe>"
}
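Until the JSON output carries a raw_request field, the request can be rebuilt from what is there: the `method` field, the `data` field (which for a POST PoC has the form "URL -d body"), and the headers of the original raw request file. The script below does that. It is an added example written for this issue, not dalfox's own code; the sample request file and PoC entry are constructed from the report above (the request file is shortened to a few headers), and the `data` field layout it relies on is the one visible in the reported output.

```python
"""Added example (not dalfox's own code): parse a raw request file of the kind
passed to `dalfox file --rawdata`, then attach a reconstructed raw_request to
every PoC in the JSON output that lacks one."""
import json
from urllib.parse import urlsplit

# Constructed sample: the reporter's dalfox-req.txt, shortened to a few headers.
RAW_REQUEST = (
    "POST /search.php?test=query HTTP/1.1\r\n"
    "Host: testphp.vulnweb.com\r\n"
    "Content-Length: 26\r\n"
    "Custom-Head-X: demo\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Connection: close\r\n"
    "\r\n"
    "searchFor=demo&goButton=go"
)

# Constructed sample: one PoC entry shaped like the JSON in the issue, without raw_request.
POC_JSON = json.dumps([{
    "type": "V", "poc_type": "http-request", "method": "POST",
    "data": "http://testphp.vulnweb.com/search.php?test=query -d goButton=go&searchFor=demo"
            "%3Ciframe+srcdoc%3D%22%3Cinput+onauxclick%3Dconfirm%281%29%3E%22+class%3Ddalfox%3E%3C%2Fiframe%3E",
    "param": "searchFor",
    "payload": "<iframe srcdoc=\"<input onauxclick=confirm(1)>\" class=dalfox></iframe>",
}])


def parse_raw_request(text):
    """Split a raw HTTP/1.1 request into request line, headers and body.
    Accepts CRLF or bare LF line endings, since hand-written request files mix them."""
    head, _, body = text.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    method, target, version = lines[0].split(" ", 2)
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body}


def build_raw_request(method, url, body, template_headers):
    """Render a raw HTTP/1.1 request for url/body, reusing the template's headers
    except Host and Content-Length, which are derived from the new URL and body."""
    parts = urlsplit(url)
    target = parts.path or "/"
    if parts.query:
        target += "?" + parts.query
    lines = [f"{method} {target} HTTP/1.1", f"Host: {parts.netloc}"]
    for name, value in template_headers:
        if name.lower() not in ("host", "content-length"):
            lines.append(f"{name}: {value}")
    if body or method.upper() in ("POST", "PUT", "PATCH"):
        lines.append(f"Content-Length: {len(body.encode())}")
    return "\r\n".join(lines) + "\r\n\r\n" + body


def split_data_field(data):
    """dalfox's `data` field is "URL" or "URL -d body"; return (url, body)."""
    url, sep, body = data.partition(" -d ")
    return url.strip(), (body if sep else "")


def add_raw_requests(output_json, template_text):
    """Attach a raw_request to every PoC that lacks one, using the original
    request file as the header template. Returns the updated list of PoCs."""
    template = parse_raw_request(template_text)
    pocs = json.loads(output_json)
    for poc in pocs:
        if poc.get("raw_request"):
            continue
        url, body = split_data_field(poc["data"])
        poc["raw_request"] = build_raw_request(
            poc.get("method", "GET"), url, body, template["headers"])
    return pocs


if __name__ == "__main__":
    for poc in add_raw_requests(POC_JSON, RAW_REQUEST):
        print(poc["raw_request"])
```

Only Host and Content-Length are recomputed; every other header from the request file, including the custom `Custom-Head-X`, is carried over unchanged, so the rebuilt request replays with the same headers dalfox was given.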