Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Updated Reflected XSS, Added Blind XSS and Time based SQLi #9695

Open
wants to merge 11 commits into
base: main
Choose a base branch
from
Open

Updated Reflected XSS, Added Blind XSS and Time based SQLi #9695

wants to merge 11 commits into from

Conversation

0xKayala
Copy link
Contributor

@0xKayala 0xKayala commented May 3, 2024
edited

Template / PR Information

Updated Reflected XSS, Added Blind XSS and Time based SQLi

  • References:

Template Validation

I've validated this template locally?

  • YES

Additional Details (leave it blank if not applicable)

Updated Reflected XSS, Added Blind XSS and Time based SQLi

Additional References:

@GeorginaReeder
Copy link

Great, thanks for contributing @0xKayala !

@ritikchaddha
Copy link
Contributor

Hello @0xKayala, We appreciate you creating this template and sharing this with the community. However, in the template blind-xss.yaml, you have added your own blind XSS payload which is not suitable to add in the template, could you please update the template accordingly.

@mastercho
Copy link
Contributor

mastercho commented Jun 7, 2024
edited

I guess this will rejected, i was advised to not create these templates from PD team because they will just go for lot FALSE POSITIVE and they are right, there no way to verify these blind and time based ones.

If gets approved then will show how much discrimination we have here...

@ritikchaddha
Copy link
Contributor

Hello @mastercho,

We are now implementing the flow in these templates to reduce false positives. We are open to including these templates in our coverage using flow and would like to hear your input on time-based SQL injection or any other templates you may have.

Thanks

@ritikchaddha ritikchaddha added the Done Ready to merge label Jun 11, 2024
@mastercho
Copy link
Contributor

Hello @mastercho,

We are now implementing the flow in these templates to reduce false positives. We are open to including these templates in our coverage using flow and would like to hear your input on time-based SQL injection or any other templates you may have.

Thanks

I can see what's going on here, when i propose these templates you rejected me, and say would give only false positive which is true, i see also yall ignoring me on purpose now and this is not fair. I tried to help PD always but seems help is not welcomed... And these templates must be under fuzzing

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@princechaddha princechaddha princechaddha approved these changes

Assignees

@ritikchaddha ritikchaddha

Labels
Done Ready to merge
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@0xKayala @GeorginaReeder @ritikchaddha @mastercho @princechaddha