hahwul / XSpear

🔱 Powerful XSS Scanning and Parameter analysis tool & gem

Why is the program getting worse?

Phoenix1112 opened this issue · comments

I use this program the way you say. I cannot get any results when I use the following command with version 1.1.3:

XSpear -u "http://testphp.vulnweb.com" -d "searchFor:yy"

But with version 1.1.3 the following command was running:

XSpear -u "http://testphp.vulnweb.com/search.php?test=query&cat=123&ppl=1fhhahwul" -p cat,test

I installed version 1.1.6 today, but none of them work anymore.

XSpear -u "http://testphp.vulnweb.com" -d "searchFor:yy"

XSpear -u "http://testphp.vulnweb.com/search.php?test=query&cat=123&ppl=1fhhahwul" -p cat,test

The previously running command also no longer works. Programs get corrected with updates, but this program is getting worse.

From 1.1.6, the default has been changed to test only the parameters that have been reflected, except for blind XSS and basic tests (because too many requests occur and have a significant impact on scan speed).

So I don't think the results are there. Can you give me a detailed log?

e.g.

xspear  -u "http://testphp.vulnweb.com/search.php?test=query&cat=123&ppl=1fhhahwul" -p cat,test
    )  (
 ( /(  )\ )
 )\())(()/(          (     )  (
((_)\  /(_))`  )    ))\ ( /(  )(
__((_)(_))  /(/(   /((_))(_))(()\
\ \/ // __|((_)_\ (_)) ((_)_  ((_)
 >  < \__ \| '_ \)/ -_)/ _` || '_|
/_/\_\|___/| .__/ \___|\__,_||_|    />
           |_|                   \ /<
{\\\\\\\\\\\\\BYHAHWUL\\\\\\\\\\\(0):::<======================-
                                 / \<
                                    \>       [ v1.1.6 ]
[*] analysis request..
[-] [09:46:49] [200/OK] 'cat' not reflected <script>alert(45)</script>
[-] [09:46:49] [200/OK] 'test' not reflected rEfe6
[-] [09:46:49] [200/OK] 'cat' not reflected rEfe6
[-] [09:46:49] [200/OK] 'STATIC' not reflected
[-] [09:46:49] [200/OK] 'test' not reflected <script>alert(45)</script>
[*] creating a test query [for reflected 0 param + blind xss ]
[*] test query generation is complete. [0 query]
[*] starting XSS Scanning. [10 threads]
[*] finish scan. the report is being generated..
+----+-------+-----------------+--------+-------+------------------+---------------------------+
|                                      [ XSpear report ]                                       |
|        http://testphp.vulnweb.com/search.php?test=query&cat=123&ppl=1fhhah... (snip)         |
|            2019-08-19 09:46:48 +0900 ~ 2019-08-19 09:46:49 +0900 Found 5 issues.             |
+----+-------+-----------------+--------+-------+------------------+---------------------------+
| NO | TYPE  | ISSUE           | METHOD | PARAM | PAYLOAD          | DESCRIPTION               |
+----+-------+-----------------+--------+-------+------------------+---------------------------+
| 0  | INFO  | STATIC ANALYSIS | GET    | -     | <original query> | Found Server: nginx/1.4.1 |
| 1  | INFO  | STATIC ANALYSIS | GET    | -     | <original query> | Not set HSTS              |
| 2  | INFO  | STATIC ANALYSIS | GET    | -     | <original query> | Content-Type: text/html   |
| 3  | LOW   | STATIC ANALYSIS | GET    | -     | <original query> | Not Set X-Frame-Options   |
| 4  | MIDUM | STATIC ANALYSIS | GET    | -     | <original query> | Not Set CSP               |
+----+-------+-----------------+--------+-------+------------------+---------------------------+
< Available Objects >
Not found

< Raw Query >

p.s.
The format of the data in the -d option is abcd=1234 and JSON POST is not yet supported.

I'm still thinking about "default reflected" and "default all." If you have any good ideas, please share them.
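
The two points from the reply above (only reflected parameters are tested by default, and `-d` data must be in `abcd=1234` form), as an added Ruby example that is not XSpear's own code and not part of the original thread. The names `parse_form_data`, `reflected_params`, `plan_scan` and `FAKE_SEARCH_PAGE` are hypothetical, and the simulated page is constructed so the example runs offline.

```ruby
require "uri"
require "securerandom"

# Parse -d style body data. The thread gives the format as abcd=1234
# (form-encoded); input without key=value pairs is rejected instead of
# being silently treated as a parameter with an empty value.
def parse_form_data(data)
  pairs = data.to_s.split("&")
  bad = pairs.reject { |p| p.match?(/\A[^=]+=/) }
  raise ArgumentError, "not key=value form data: #{bad.join(', ')}" unless bad.empty?
  URI.decode_www_form(data.to_s).to_h
end

# Return the names of parameters whose marker value comes back in the response.
# `fetch` is a hypothetical callable (params hash -> response body); a real
# pre-check would send the HTTP request at this point.
def reflected_params(params, fetch)
  params.keys.select do |name|
    marker = "rf#{SecureRandom.hex(4)}" # harmless, unique marker per parameter
    body = fetch.call(params.merge(name => marker))
    body.include?(marker)
  end
end

# Constructed stand-in for a page that echoes only `searchFor`.
FAKE_SEARCH_PAGE = lambda do |params|
  "<h2>searched for: #{params['searchFor']}</h2>"
end

# Split parameters into those that would get test queries under a
# "reflected only" default and those that would be skipped.
def plan_scan(data, fetch)
  params = parse_form_data(data)
  reflected = reflected_params(params, fetch)
  { tested: reflected, skipped: params.keys - reflected }
end

if __FILE__ == $PROGRAM_NAME
  p plan_scan("test=query&cat=123&searchFor=yy", FAKE_SEARCH_PAGE)
  begin
    parse_form_data("searchFor:yy")
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```

Parameters that land in `skipped` produce no test queries, which matches the "0 query" line in the log above when nothing is reflected.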