Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

False Positive Issue... #401

Open
SidNimSan opened this issue May 20, 2024 · 1 comment
Open

False Positive Issue... #401

SidNimSan opened this issue May 20, 2024 · 1 comment

Comments

@SidNimSan
Copy link

SidNimSan commented May 20, 2024

I used XSStrike on a website with this command:

XSStrike generated the following output:
XSStrike v4.0.0
[!] Testing parameter: srule
[!] Reflections found: 2
[] Analysing reflections
[
] Generating payloads
[!] Payloads generated: 24

[+] Payload: %0daUtOFOCUS%0donfoCUs=(prompt)``
[!] Efficiency: 100
[!] Confidence: 8
[?] Would you like to continue scanning? [y/N]

I am unable to exploit the all the 24 payloads.

XSStrike generated the following output:
XSStrike v4.0.0

[!] Testing parameter: cgid
[!] Reflections found: 3
[] Analysing reflections
[
] Generating payloads
[!] Payloads generated: 1536
[~] Progress: 297/1536

[+] Payload: <html%0aonmouseoVer%0a=%0aa=prompt,a()%0dx//
[!] Efficiency: 91
[!] Confidence: 10

Is this a false positive?

If i am doing wrong please guide the procesure to exploit it.

Thank You

@SidNimSan
Copy link
Author

Thanks for valuable reply.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant