alert matching should be changed #7

Open
splint3rsec opened this issue Mar 27, 2022 · 1 comment

splint3rsec commented Mar 27, 2022

freq only checks if the string "alert(1)" is reflected in the result, which could lead to a lot of false positives. It would be great if the following block of code

```go
sb := string(body)
check_result := strings.Contains(sb, "alert(1)")
```

is changed to match `"><img src=x onerror=alert(1)>` or any other XSS payload that contains `<` and `>` in order to avoid false positives.

Thanks
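
The difference between the two checks discussed in this issue, as an added example that is not part of the issue or of freq's own code. The name `strictCheck` is hypothetical and the response bodies in `samples` are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Marker and full payload exactly as quoted in the issue.
const (
	marker  = "alert(1)"
	payload = `"><img src=x onerror=alert(1)>`
)

// naiveCheck mirrors the quoted check: any occurrence of the marker counts.
func naiveCheck(body string) bool { return strings.Contains(body, marker) }

// strictCheck (hypothetical name) requires the whole payload, with its
// unencoded quote and angle brackets, to come back byte for byte.
func strictCheck(body string) bool { return strings.Contains(body, payload) }

// samples are constructed response bodies, not taken from any real site.
var samples = []struct{ name, body string }{
	{"raw reflection", `<input name="q" value=""><img src=x onerror=alert(1)>">`},
	{"HTML-encoded reflection", `<input name="q" value="&#34;&gt;&lt;img src=x onerror=alert(1)&gt;">`},
	{"marker in the page's own text", `<p>The demo calls alert(1) on click.</p>`},
	{"no reflection", `<p>No results found.</p>`},
}

func main() {
	for _, s := range samples {
		fmt.Printf("%-30s naive=%-5t strict=%t\n", s.name, naiveCheck(s.body), strictCheck(s.body))
	}
}
```

The encoded reflection and the page that merely mentions `alert(1)` are flagged only by the naive check. A verbatim match shows that the output was not encoded; it does not by itself show that the payload lands in a context where it would execute.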

takshal (Owner) commented Mar 28, 2022

I will add more functions as soon as possible...
