
Commit 77869c4

committed
Payloads
1 parent c360b22 commit 77869c4


2 files changed

+5
-6
lines changed


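--- a/scanners/src/payloads.rs
+++ b/scanners/src/payloads.rs
@@ -1,16 +1,14 @@
 pub fn get_jsvalue() -> Vec<String> {
 vec![
 "document.cookie".to_string(),
-"document.location".to_string(),
-"1".to_string(),
 ]
 }
 
 pub fn get_jscmd() -> Vec<String> {
 vec![
-"<img src=x onerror=$JS_FUNC$`$JS_CMD$`>".to_string(),
-"<h1 $JS_FUNC$`$JS_CMD$`>".to_string(),
-"<h1 $JS_FUNC$($JS_CMD)".to_string(),
+"alert".to_string(),
+"prompt".to_string(),
+"confirm".to_string(),
 ]
 }
 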
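Review bot: With the `"1"` entry dropped, `get_jsvalue` now returns only `document.cookie`, so every dialog the scanner triggers on a target would carry that page's cookies. If the dialog text is stored as scan evidence, which this file does not show, session values would end up in reports and logs. An inert marker is enough to prove execution, so consider keeping `"1".to_string(),` as the default entry and making the cookie value opt-in. Both functions also lack doc comments, and after this change `get_jscmd` returns dialog function names rather than templates. A line such as `/// JavaScript dialog function names tried by the XSS scanner.` would describe what the list now holds.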

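--- a/scanners/src/scan/xss/bypass.rs
+++ b/scanners/src/scan/xss/bypass.rs
@@ -126,7 +126,7 @@ impl<'a> PayloadGen<'a> {
 qoutes.repeat(i),
 attr_param,
 js_cmd,
-" vd".repeat(i)
+" vd ".repeat(i)
 )
 },
 search: format!(r#"*[{}="{}"]"#, attr_param, js_cmd),
@@ -136,6 +136,7 @@ impl<'a> PayloadGen<'a> {
 });
 payloads
 }
+
 pub fn attrname_payloads(&self) -> Vec<OrderPayload> {
 let mut payloads: Vec<OrderPayload> = Vec::new();
 self.payloads.attr.iter().for_each(|attr| {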
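Review bot: The filler literal `" vd "` in the first hunk is an unexplained magic string, and nothing records why the trailing space was added. Naming it would capture the intent, e.g. `const FILLER_ATTR: &str = " vd ";` with a one-line doc comment, then `FILLER_ATTR.repeat(i)` at the call site. That would also keep the value consistent if other generators in this impl use the same filler, which is not visible here. The `qoutes` identifier on the context line looks like a typo for `quotes`. The enclosing `format!` call and method begin above the hunk, so the effect on the final string cannot be checked from this view.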
