scalpel
scalpel copied to clipboard
StarCrossPortal
输出报告“漏洞名称”字段显示为test
问题1:被动扫描尝试了一下,发现生成的报告比较单一,感觉比较low。如果是免费版本,社区类的,建议把分类确认好,比如sql注入,RCE,XSS,或者直接按照OWASP 分类来也可以。
问题2:报告还有返回值为乱码,问题比较尖锐,往你们越来越好。 Request GET /bWAPP/htmli_get.php Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.5 Connection: close Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=egr8fmvst3alet45nltho3c6f5; security_level=0 Origin: http://10.10.2.58:30010 Referer: http://10.10.2.58:30010/bWAPP/sqli_1.php Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
bug=2&form_bug=submit
Response HTTP/1.1 200 OK Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Content-Encoding: gzip Content-Length: 3570 Content-Type: text/html; charset=UTF-8 Date: Fri, 31 Mar 2023 10:44:40 GMT Expires: Thu, 19 Nov 1981 08:52:00 GMT Pragma: no-cache Server: Apache/2.4.18 (Ubuntu) Vary: Accept-Encoding
��������[[{�8}�_��a��v�$=�Yn�d6t�@�)��PǶ�&���[%�\2�~���)�N�*�5�������!Y�a�y�6��ό�����B�xYf'|uY�(fQ\��,Y�x��e)f�c
�N���ŗ��W��R�͛��r���H\�T�0�,.���O�YH�xY���{�y�2b0������HC�\v���1�b��M拘�R�\�)�Lo���|��!�9�&�d,*g��B��Kb�a2k<�s��G��+�_���^6��la�6_�DI���%<S�J�� ��i�U��2��L��7U�6s�6�Mj=�<Xg��;�2���n�M�
����혧��1<xӞ �e�L�ט�v��^�Ј��J���̒���<���%y�jk�`A�{����p���()e���1��@�<�>�c��u�y�w�4݈%l
�Ų��%s�v(�D�wr T�g!��p4g�ן�8}V�L��|�Š��h��'���Z1/�<~y؊�I�ʄ�d�>#����1�2<�p� ���>r��t��@��GsE�9|�1��I�WHW2�"���8y�{�s�6�}����/g�_
��t�3oNC��@��R���XT�AiJ��FO���Yh%��˲5q��F1���Y�Kq�
��
&!�����9#=��Z� 7lw���&�I�F�|
����L�G�3�x讛��߳G�������p�.uc�|���K��$�*&4�I@�C[��,���B��j��]Z����y�:�ÂnJ),����#.����:W�˴'ݤӞI��5�GKݍ����764z��f�:ǩ�f��^[H{�X|��,�c���W�,��z���%��A�y�� ڎ�tP1
�e����3AqF���Ư�*~�1촎.����f�q(�O�a*
��1�tx87�⤁.����8]�9�U0n��G�?9!
