SaiRson

icon company Universe/v2 icon location #PenTest | #RedTeam | #Student | #Universe dev (Current)

Results 5 issues of SaiRson

There is a problem with the password output of credman

I found that cradman outputs garbled characters instead of the HEX string in the password, where it should be. So I located the problem point ![image](https://user-images.githubusercontent.com/74412075/163706173-3d23cc5c-21e4-40d9-9876-7e866a42f952.png) Hope to improve the...

I want to know if the location of the name can be case insensitive, if I can how to do it

1 comment

I want to know if the location of the name can be case insensitive, if I can how to do it

kind/question
area/v2
status/user-feedback-required

增加sitemap.xml(网站地图)解析功能,其读取主要和robots.txt差不多

1 comment

增加两个结构体用于sitemap.xml内容解析 ``` type Sitemap struct { URLs []LocUrl `xml:"url"` Sitemap []LocUrl `xml:"sitemap"` } type LocUrl struct { Loc string `xml:"loc"` } ``` 之后在获取的返回包body后 ``` sitemap := Sitemap{} if err :=...

feature

问题:cookie的默认分割符似乎是错误的

1 comment

正常的数据包cookie如下: ``` Cookie: PHPSESSID=52se65iostug8t6m3n1e6ci5q1; security=low; __gads=ID=20731127b2b2c752-2227c28839d9006d:T=1673348542:RT=1673348542:S=ALNI_MY22w7gnrKV3vBdspJ9-FIx7QFB8A; __gpi=UID=00000ba13afbd7f8:T=1673348542:RT=1673404879:S=ALNI_Maz1ft13Jgrw_vh4tefxxNjCTFwlw ``` 分隔符应该以 ; 为主,而在程序中cookie的默认分隔符被设置为了&符号,这样回导致我们在处理cookie时出现问题

w13scan pluginBase基类paramsCombination方法疑似问题

1 comment

在pluginBase基类的paramsCombination方法当中,当place==PLACE.POST且hint==POST_HINT.NORMAL时,这里我的理解时应该生成可以遍历的payloads(以sqli_error.py为例)如: ![image](https://user-images.githubusercontent.com/74412075/211272808-5afdb466-b81a-49a7-bac1-73f96ed3f575.png) 但w13scan测试生成的payload如图 ![image](https://user-images.githubusercontent.com/74412075/211272922-fd229a8a-d327-408e-9914-570b23c40e58.png) 原因: ![image](https://user-images.githubusercontent.com/74412075/211273092-e5d29a5e-5d87-4639-9838-58f7e7d20694.png) 在遍历payloads时对new_data[key]进行了覆盖,导致result最终添加的都是最后一个payload值