Bugfix - Flask Local 127.0.0.1 -> 0.0.0.0
parent
84ffc771a5
commit
944b7b0fc1
|
@ -41,6 +41,7 @@ If you have any trouble with Ghost you should have a look to the documentation :
|
|||
chmod +x ./launch
|
||||
./launch
|
||||
```
|
||||
Note: if Gunicorn fail you should launch the "server.py" instead
|
||||
3 - Edit the server configuration in popup.js and background.js with your server's informations
|
||||
```
|
||||
var config_server = "http://127.0.0.1:8000";
|
||||
|
@ -52,3 +53,7 @@ You can try the Error SQL, Blind SQL, LFI with Damn Vulnerable Web App
|
|||
- Polyglot vector for SQL injections [The Ultimate SQL Injection Payload](https://labs.detectify.com/2013/05/29/the-ultimate-sql-injection-payload/)
|
||||
- Polyglot vector for XSS injection 1 [One vector to rule them all](http://www.thespanner.co.uk/2010/09/15/one-vector-to-rule-them-all/)
|
||||
- Polyglot vector for XSS injection 2 [Unleashing an Ultimate XSS Polyglot](https://github.com/0xsobky/HackVault/wiki/Unleashing-an-Ultimate-XSS-Polyglot)
|
||||
|
||||
# TODO
|
||||
- Verify=False in requests..
|
||||
- OpenURL redirect ?
|
|
@ -1 +1 @@
|
|||
gunicorn --workers=3 server:app --timeout 90
|
||||
gunicorn --workers=3 server:app --timeout 360
|
||||
|
|
|
@ -12,7 +12,6 @@ Parameters: vulns - list of vulnerabilities, url - address of the target, fuzz -
|
|||
"""
|
||||
def scan_xss(method, vulns, url, fuzz, cookie, useragent, firefox, data):
|
||||
payload = 'jaVasCript:alert(1)//" name=alert(1) onErrOr=eval(name) src=1 autofocus oNfoCus=eval(name)><marquee><img src=x onerror=alert(1)></marquee>" ></textarea\></|\><details/open/ontoggle=prompt`1` ><script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>\'-->" ></script><sCrIpt>confirm(1)</scRipt>"><img/id="confirm( 1)"/alt="/"src="/"onerror=eval(id&%23x29;>\'"><!--'
|
||||
print repr(fuzz),"fuzz"
|
||||
try:
|
||||
with firefox.start() as session:
|
||||
|
||||
|
@ -36,15 +35,15 @@ def scan_xss(method, vulns, url, fuzz, cookie, useragent, firefox, data):
|
|||
|
||||
# Detect XSS result with an alert
|
||||
if result == '1':
|
||||
print "\t\t\033[93mXSS Detected \033[0m for ", fuzz, " with the payload :", payload
|
||||
print "\t\t\033[93mXSS Detected\033[0m for ", fuzz, " with the payload :", payload
|
||||
vulns['xss'] += 1
|
||||
vulns['list'] += 'XSS|TYPE|'+inject+'|DELIMITER|'
|
||||
else:
|
||||
print "\t\t\033[94mXSS Failed \033[0m for ", fuzz, " with the payload :", payload
|
||||
|
||||
except Exception, e:
|
||||
if "alert" in str(e):
|
||||
print "\t\t\033[93mXSS Detected \033[0m for ", fuzz, " with the payload :", payload
|
||||
if "confirm" in str(e) : #or "alert" in str(e):
|
||||
print "\t\t\033[93mXSS Detected (False positive ?)\033[0m for ", fuzz, " with the payload :", payload
|
||||
inject = url + ":" + fuzz + ":" + payload
|
||||
vulns['xss'] += 1
|
||||
vulns['list'] += 'XSS|TYPE|'+inject+'|DELIMITER|'
|
||||
|
|
|
@ -103,4 +103,4 @@ def index():
|
|||
return jsonify(vulns)
|
||||
|
||||
if __name__ == '__main__':
|
||||
app.run(port=8000, threaded=True, passthrough_errors=False)
|
||||
app.run(host='0.0.0.0', port=8000, threaded=True, passthrough_errors=False)
|
Loading…
Reference in New Issue