Comments (3)
bsmali4
commented on July 28, 2024
我记得,dvwa发包是要带csrftoken的,还有的话,存储型的必须指定一个输出点
from xssfork.
3xp10it
commented on July 28, 2024
lever为low是没有token的,用xssforkapi.py添加任务方式检测时有指定输出点(输出点为相同页面),目前没有检测出来.
后来使用xssfork.py数据如下:
py2 xssfork.py -u "http://192.168.43.190/dvwa/vulnerabilities/xss_s/" --cookie "PHPSESSID=ht4fjel6rpta7qbfibksr3ao80;security=low" -D http://192.168.43.190/dvwa/vulnerabilities/xss_s/ --data "txtName=a&mtxMessage=a&btnSign=Sign+Guestbook"
py2 xssfork.py -u "http://192.168.43.190/dvwa/vulnerabilities/xss_s/" --cookie "PHPSESSID=ht4fjel6rpta7qbfibksr3ao80;security=low" -D http://192.168.43.190/dvwa/vulnerabilities/xss_s/ --data "txtName=a&mtxMessage=a&btnSign=Sign+Guestbook"
__ _
/ _| | |
__ _____ ___| |_ ___ _ __| | __
\ \/ / __/ __| _/ _ \| '__| |/ / version: 1.0.2#dev
> <\__ \__ \ || (_) | | | < author: b5mali4
/_/\_\___/___/_| \___/|_| |_|\_\ http://xssfork.secbug.net
[09:24:48] [DEBUG] checking if url is available
[09:24:48] [INFO] url connection success
[09:24:48] [DEBUG] checking if destination is available
[09:24:48] [INFO] destination connection success
[09:24:48] [DEBUG] checking if has_params
[09:24:48] [INFO] there is params, xssfork will work
[09:24:48] [INFO] loading default paloads
[09:24:48] [INFO] loading default paloads success
[09:24:48] [INFO] 1527 payloads loaded
[xssfork] 1471/1527 payloads injected...
最后一直卡在[xssfork] 1471/1527 payloads injected...这一行.
from xssfork.
bsmali4
commented on July 28, 2024
这个,我最近也发现了,准备花个时间好好看看
from xssfork.
Related Issues (20)
- TypeError: unhashable type: 'dict' HOT 1
- dvwa的get、post方式的xss都无法检测出来 HOT 3
- 是否考虑支持csrf_token参数 HOT 1
- 没有检测出XSS,反射型 HOT 1
- requestment.txt -> requirements.txt HOT 3
- ImportError: No module named colorlog HOT 1
- 关于请求方法和payload问题 HOT 4
- [ERROR] there is no params, please check your input
- Windows无法使用吗 HOT 3
- centos启动报错 HOT 1
- mac下路径问题 HOT 2
- 普通的xss扫不出来。。 HOT 1
- 检测注入的那个Burp插件还有吗? HOT 1
- windows与linux环境下行分隔符不一致导致的错误
- SQL注入漏洞
- cannot import name 'XSS_FORK_PATH' HOT 7
- 大哥你的这个检测貌似不行 HOT 11
- Kali,python 2.7环境启动报错 HOT 3
- 是否考虑支持多线程? HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from xssfork.