You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hello great people!
Im just getting started with XSS and had seen dalfox once upon a time - so, i naturally i started it up!
I got a hit on one of my targets and it came back as this:
[G] Found dalfox-google-api via built-in grepping / payload: "onpointerover=confirm(1) class=dalfox s
[POC][G][GET][BUILTIN] https://www.exampel.com?img_url=%22onpointerover%3Dconfirm%281%29+class%3Ddalfox+**
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Hello great people!
Im just getting started with XSS and had seen dalfox once upon a time - so, i naturally i started it up!
I got a hit on one of my targets and it came back as this:
However, this POC does nothing when using - but im starting to think im the noob here :)
I tried reading up in the dalfox code how the payload looked like: https://github.com/hahwul/dalfox/blob/main/pkg/scanning/payload.go#L400 but no luck.
Any pointers welcome on how to actually confirm/abuse and report such a finding, or even better, where i can learn all about it?
Thanks, much appreciated !
Beta Was this translation helpful? Give feedback.
All reactions