Add reflective scanning for XSS injection. #13
Comments
M4cs
added
enhancement
|
Copy the source of the page. Has it changed? I’m on it, btw. |
|
No youre not being assigned this. I want @TotallyNotChase opinion first and to see his changes/improvements. |
|
@Chr0nicT I think that's a nice and simple solution but shouldn't we worry about the page being changed other than the bold tag? Submitting a form, for example, can also change the page source whether or not the reflective scanning works. So I guess we'll have to check through the diff for exactly what we want with this. I think chronic should on this if he wants @M4cs |
|
As a sidenote, could someone link me a website/source that is vulnerable to this exploit? I'd love to see whether there are other ways of doin this :D |
|
|
|
Could you post the error itself, need to scroll down a bit from there @S03HT3T |
We need a way to check for vulnerabilities other than alerts. If a payload injects a bold tag with no closing tag we need to make sure that the webpage has bold text following where it shouldnt.
Should we add a templating system? you can feed the source of the page normally and then parae through that? @TotallyNotChase what do you think?
The text was updated successfully, but these errors were encountered: