Closed hansmach1ne closed 2 weeks ago
This false positive is because the checkPayload checks if PD9waHAgc3lzdGVtKCRfR0VUW2NdKTsgPz4K from the test payload is reflected in the response; however, the test payload contains a different b64-encoded value: data.py: L18, L19.
Changed payload to include PD9waHAgc3lzdGVtKCRfR0VUW2NdKTsgPz4K, data.py: L18, L19.
[i] Testing GET 'name' parameter...
[+] XSS -> 'http://192.168.56.104/dvwa/vulnerabilities/xss_r/?name=7ee%3A99l%3Ew%3Cmv%3B81%22%27cw' -> full reflection in response
Content-Type: text/html;charset=utf-8
----------------------------------------
LFImap finished with execution.
Parameters tested: 1
Requests sent: 17
Vulnerabilities found: 1