Merge pull request #200 from tvergilio/commando_xss

Improved code to grant XSS flag - fixes Issue #196.
2026-02-21 11:18:06 +00:00 · 2021-08-21 18:17:22 +01:00
parent e6cb2b98a4 b867086a53
commit b77cd18977
1 changed files with 8 additions and 6 deletions
--- a/modules/generators/html/vuln_snippets/xss_search_template/secgen_local/local.rb
+++ b/modules/generators/html/vuln_snippets/xss_search_template/secgen_local/local.rb
@@ -41,12 +41,14 @@ class XSSsearchTemplateGenerator < StringEncoder
    medium_blacklist_insert = "\'" + blacklist_array[0] + "\',\'" + blacklist_array[1] + "\',\'" + blacklist_array[2] + "\'"

    # The snippets of code below are taken from lauras code and edited slightly
-    flag_statement = "if(in_array($search, $payloads)){
-                        ?>
-                        <div id=\"sucess\">
-                          #{strings_to_leak}
-                        </div>
-                        <?php
+    flag_statement = "$pattern=\"/<(?i)script>(confirm|prompt|alert)\\(([^'\\\"]*)\\);?<\\/script>/\";
+                        if(preg_match($pattern, $search)){
+                          ?>
+                          <div class=\"alert alert-info\">
+                            Well done, you have successfully exploited a cross-site scripting vulnerability!<br/>
+                            Here is a flag: #{strings_to_leak}
+                          </div>
+                         <?php
                    }
                  }"