Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add new feature on CheckPOC #26

Open
blackcodersec opened this issue Oct 4, 2024 · 2 comments
Open

Add new feature on CheckPOC #26

blackcodersec opened this issue Oct 4, 2024 · 2 comments

Comments

@blackcodersec
Copy link

Check out the new features of knoxss. CheckPOC is the new function where we can send custom payloads. Please implement this function.
@xnl-h4ck3r
Copy link
Owner

Hey @blackcodersec , thanks for letting me know. I need to find out a bit more about it because I can't much documentation. I saw on Twitter that you pass &checkpoc=1. Is that all there is to it? So if the url contains a payload already and it pops, and you pass &checkpoc=1 you just get a success reponse?

@blackcodersec
Copy link
Author

I am a little bit confused!
I recently tested that new method, but I saw the knoxss API shows the link is vulnerable and sometimes can't catch up. like, see some SS.

{666DEBB1-10AC-456F-B2E5-8882ACF6936E}

but if you visit that link http://testphp.vulnweb.com/listproducts.php?artist=<svg/onload=alert(1337)>
you will get the pops.

{FE4249DF-953C-4D17-8AF3-758A07367305}

also, I tried API method

image

as brutelogic mention, and I saw on Twitter that you pass &checkpoc=1, I think I used right way. but not working. you can check now. If you want API key for testing purposes, please knock me on Discord (0xhunster_).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@blackcodersec @xnl-h4ck3r