xray unstable / something wrong | Why the xray can't detect an easy xss

Open themeswordpress opened this issue 2 years ago • 1 comments

Dears,

Why can't xray detect an easy XSS?

.\xray_windows_amd64.exe ws -u "https://www[.]taawon[.]org/donateformsubmit?currency=9337" --plugins xss --html-output sdsd.html

POC https://www[.]taawon[.]org/donateformsubmit?currency=9337">

themeswordpress avatar Dec 10 '23 00:12 themeswordpress

same

khanjanny avatar Dec 15 '23 13:12 khanjanny

Hi there. After testing this target, we find this vuln SHOULD be detected by xray.

The payload works like: https://www.taawon.org/donateformsubmit?currency=TESTPAYLOAD

<input type="hidden"  name="PurchaseCurrency" value="TESTPAYLOAD"><br>

It's a simple one, and we believe this payload is rendered into the template on the server side. However, xray will send lots of payloads to detect this website. The server of this website will strike under high-frequency requests:

currency=abcdefg
...
<input type="hidden"  name="PurchaseCurrency" value="abcdefg"><br>  // at the beginning
...

currency=PAYLOAD
...
<input type="hidden"  name="PurchaseCurrency" value=""><br>  // After a period of high frequency requests
...

So unfortunately, the payload that could have XSSed is DROPPED by the server. This vulnerability can be detected after adjusting the frequency of requests to the target on the code side (time.Sleep(time.Second), lol).

zeoxisca avatar Apr 09 '24 10:04 zeoxisca
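
The behaviour described in the last comment, reproduced as an added example (not code from xray or from this thread): a constructed local server drops the `currency` value when requests arrive too quickly, and a hypothetical `probe` helper spaces harmless markers and reports `inconclusive` instead of a clean negative when reflection stops mid-scan. The names `newFlakyServer` and `probe`, the marker strings and the timing values are assumptions.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
	"sync/atomic"
	"time"
)

// newFlakyServer: constructed stand-in that drops ?currency= when requests arrive < minGap apart.
func newFlakyServer(minGap time.Duration) *httptest.Server {
	var last atomic.Int64 // UnixNano of the previous request
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		prev := last.Swap(time.Now().UnixNano())
		v := r.URL.Query().Get("currency")
		if prev != 0 && time.Since(time.Unix(0, prev)) < minGap {
			v = "" // degraded: the input is dropped, as in the thread
		}
		fmt.Fprintf(w, `<input type="hidden"  name="PurchaseCurrency" value="%s"><br>`, v)
	}))
}

// probe sends n+1 harmless alphanumeric markers, sleeping delay before each request.
func probe(base string, n int, delay time.Duration) string {
	verdict := "not-reflected" // stands only if the very first marker is missing
	for i := 0; i <= n; i++ {
		time.Sleep(delay)
		marker := fmt.Sprintf("marker%d", i)
		resp, err := http.Get(base + "/donateformsubmit?currency=" + marker)
		if err != nil {
			return "inconclusive"
		}
		body, _ := io.ReadAll(resp.Body)
		resp.Body.Close()
		if !strings.Contains(string(body), `value="`+marker+`"`) {
			return verdict
		}
		verdict = "inconclusive" // sink confirmed; a later miss means degradation
	}
	return "reflected"
}

func main() {
	srv := newFlakyServer(200 * time.Millisecond)
	defer srv.Close()
	fmt.Println(probe(srv.URL, 3, 0), probe(srv.URL, 3, 300*time.Millisecond))
}
```

A scan report that records `inconclusive` separately from `not-reflected` tells the operator to rerun with a lower request rate rather than treat the parameter as clean.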