(Fixes issue 427): fixed sending back PoC for POST injection with xssrays.

git-svn-id: https://beef.googlecode.com/svn/trunk@1251 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
antisnatchor
2011-09-02 10:18:48 +00:00
parent 10d8edb5fd
commit 3f82b0315a


@@ -234,7 +234,7 @@ beef.net.xssrays = {
for (var k = 0; k < this.vectors.length; k++) {
// skip the current vector if it's not compatible with the hooked browser
if (!this.checkBrowser(i)){
if (!this.checkBrowser(k)){
beef.net.xssrays.printDebug("Skipping vector [" + this.vectors[i].name + "] because it's not compatible with the current browser.");
continue;
}
@@ -377,8 +377,8 @@ beef.net.xssrays = {
for (var i in params) {
if (params.hasOwnProperty(i)) {
//poc = vector.input.replace(/XSS/g, "BUG");
poc = "something";
poc = vector.input.replace(/XSS/g, "alert(1)");
poc = poc.replace(/<\/script>/g, "<\/scr\"+\"ipt>");
pocurl += i + '=' + (urlencode ? encodeURIComponent(poc) : poc); // + '&';
beef.net.xssrays.rays[beef.net.xssrays.uniqueID].vector.poc = pocurl;
@@ -391,7 +391,6 @@ beef.net.xssrays = {
form += '<textarea name="' + i + '">' + exploit + '<\/textarea>';
beef.net.xssrays.printDebug("form param[" + i + "] = " + params[i].toString());
paramsPos++;
}
}
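Review bot: The debug message in the first hunk still reads `this.vectors[i].name` although the loop variable is `k` and the commit only switched the `checkBrowser` argument to `k`, so the skip message can name the wrong vector, or throw if `i` is not a valid index at that point. The line should use the same index as the check: `beef.net.xssrays.printDebug("Skipping vector [" + this.vectors[k].name + "] because it's not compatible with the current browser.");`. The loop body starts and ends outside the hunk, so what `i` holds in that scope cannot be confirmed from the visible lines.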