-
Notifications
You must be signed in to change notification settings - Fork 61
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
xss扫描规则 #17
Labels
提问
ask a question
Comments
XSS只会扫描响应类型为text/html的请求,对于那些与参数名相同的URL,会进行去重扫描。 |
您好,再继续问一下哈,除了根据content-type进行xss插件的判断,是否还有其他条件,如get请求带有参数或者post请求?如果页面存在注入点,wscan会扫描那些类型的的漏洞插件?整体的插件扫描匹配规则是怎样的呢? |
举个列子呢 |
扫描sql注入插件或者xss插件是根据参数或者是post请求来判断的吗? |
自定义的web通用漏洞扫描插件,适用于所有路径 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
请问下,是不是爬虫爬取到的所有URL都会扫描xss插件,如果不是,是根据什么标准来判断要跑xss插件的呢,在框架代码中没有看到这部分的逻辑
The text was updated successfully, but these errors were encountered: