Testing script injection #466
Comments
To achieve your desired action, there are three specific flags that you can try.

If you want to test with a custom payload, you can use the

```bash
dalfox url https://xss-game.appspot.com/level1/frame \
  --custom-alert-value "1);your_payload;console.log("

# [POC][R][GET][inHTML-none(1)-URL] https://xss-game.appspot.com/level1/frame?query=%3CsVg%2Fonload%3Dprompt%281%29%3Byour_payload%3Bconsole.log%28%29%3E
# https://xss-game.appspot.com/level1/frame?query=%3CsVg%2Fonload%3Dprompt%281%29%3Byour_payload%3Bconsole.log%28%29%3E
```

If you're interested, I can write some code and create a new flag that modifies the function.
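Decoding the PoC line from the comment above shows where the `--custom-alert-value` string lands: between `prompt(` and the closing `)`, which is why the value starts with `1)` and ends with an open `console.log(`. This is an added example, not part of the original comment and not dalfox's own code; the function names are hypothetical, and the bracketed tags are split without interpreting what each one means.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# PoC line copied from the comment above (dalfox output).
POC_LINE = ("[POC][R][GET][inHTML-none(1)-URL] "
            "https://xss-game.appspot.com/level1/frame?query="
            "%3CsVg%2Fonload%3Dprompt%281%29%3Byour_payload%3Bconsole.log%28%29%3E")
# Value passed to --custom-alert-value in the same comment.
ALERT_VALUE = "1);your_payload;console.log("


def parse_poc_line(line):
    """Split a PoC line into its bracketed tags and the PoC URL."""
    m = re.match(r"^(?:#\s*)?((?:\[[^\]]*\])+)\s+(\S+)$", line.strip())
    if not m:
        raise ValueError("not a PoC line")
    tags = re.findall(r"\[([^\]]*)\]", m.group(1))
    return tags, m.group(2)


def decoded_params(url):
    """Return the percent-decoded query parameters as (name, value) pairs."""
    return parse_qsl(urlsplit(url).query, keep_blank_values=True)


def locate_alert_value(payload, alert_value):
    """Return (prefix, suffix) of the payload around alert_value, or None."""
    idx = payload.find(alert_value)
    if idx < 0:
        return None
    return payload[:idx], payload[idx + len(alert_value):]


if __name__ == "__main__":
    tags, url = parse_poc_line(POC_LINE)
    print("tags:", tags)
    for name, value in decoded_params(url):
        print(f"param {name!r} decodes to: {value}")
        print("text around the alert value:", locate_alert_value(value, ALERT_VALUE))
```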
```bash
dalfox url https://xss-game.appspot.com/level1/frame \
  --custom-payload /home/scripts/JavaScript.js
```

Would that input be right?
@ChillVibesMushroom Could you show me an example of the .js file? I don't understand exactly what kind of action you want. 😭

```html
<script>alert("test");</script>
```

@ChillVibesMushroom
I'll give it a shot right now. I'm looking into different frameworks. I just remembered I actually do have to install Dalfox. You know what I realized, though: the tool is pretty powerful. It doesn't automatically go incognito mode, it just gets straight to it. And alongside, I was going to ask you but I never got the chance: what tools would you use alongside dalfox when scanning a website for vulnerabilities?
Question
Your questions
Is it possible to test my personal JS script for injection using dalfox?