I've been writing a script that will check for reflective XSS vulnerabilities. I'm having an error on a part that checks if you have "http://" or "https://" in your URL and '*' in the place of queries. However, when I put https://google.com/#q=*", it results in
ERROR! MISSING 'http://', OR 'https://'!`. Here's my code:
<!DOCTYPE html>
<html>
<head>
<title>Slingshot.XSS</title>
</head>
<body style="font-family:monospace;" align="center">
<h2>Slingshot.XSS</h2>
<h3>Slingshot.XSS is a script that launches pre-loaded XSS payloads at a target to test its vulnerabilities.</h3>
<h4>Please report all issues to <a href="http://ift.tt/2qk9t6X"></a> or contact me at keeganjkuhn@gmail.com.</h4>
<a href="http://ift.tt/2pr7PD9" style="font-family:monospace" align="center">Source Code / Learn More</a>
<br />
<h4>Enter a URL with <b>*</b> in the place of query.</h4>
<h5>Example: http://ift.tt/2qk2TgO;
<input type="text" id="myText" placeholder="Enter a URL"> <button onclick="myFunction()">Submit</button>
<p id="demo">No Submitted URL</p>
<script>
function myFunction() {
var x = document.getElementById("myText").value;
// Error check
if ( !x.includes("*") && ( !x.includes("http://") || !x.includes("https://") ) ) {
document.getElementById("demo").innerHTML = "ERROR! MISSING \'*\' IN PLACE OF QUERY, \'http://\', AND \'https://\'!";
x = false;
return 0;
}
if ( !x.includes("*") ) {
document.getElementById("demo").innerHTML = "ERROR! MISSING \'*\' IN PLACE OF QUERY!";
x = false;
return 0;
}
if ( !x.includes("http://") || !x.includes("https://") ) {
document.getElementById("demo").innerHTML = "ERROR! MISSING \'http://\', OR \'https://\'!";
x = false;
return 0;
}
document.getElementById("demo").innerHTML = x;
}
</script>
</body>
</html>
What am I doing wrong?
Aucun commentaire:
Enregistrer un commentaire