Result JSON Format
{
"type":"Type of PoC (G/R/V)",
"inject_type":"Injected Point",
"poc_type":"plain/curl/httpie/etc...",
"method":"HTTP Method",
"data":"PoC URL",
"param":"Parmeter",
"payload":"Attack Value",
"evidence":"Evidence with response body",
"cwe":"CWE ID",
"severity": "Severity (Low/Medium/High)"
}
| Key | Description | List |
|---|---|---|
| type | Type | - G (Grep) - R (Reflected) - V (Verified) |
| inject_type | Injected point | - inHTML-none (Injected in HTML area) - inJS-none (Injected in Javascript area) - inJS-double (Injected within " in Javascript area)- inJS-single (Injected within ' in Javascript area)- inJS-backtick (Injected within backtic1k in Javascript area) - inATTR-none (Injected within in Tag attribute area) - inATTR-double (Injected within " in Tag attribute area)- inATTR-single (Injected within ' in Tag attribute area) |
| poc_type | Type of poc code | - plain (URL) - curl (Curl command) - httpie (HTTPie command) |
| method | HTTP Method | - GET/POST/PUT/DELETE, etc… |
| data | PoC (URL) | - PoC URL |
| param | Parameter name | - Weak parameter name |
| payload | Paramter value | - Attack code in value |
| evidence | Evidence with repsonse body | - Simple codeview of where it’s injected in response body. |
| cwe | CWE ID | - Mapping CWE ID |
| severity | Severity | - Severity (Low/Medium/High) |
{
"type": "V",
"inject_type": "inHTML-URL",
"poc_type": "plain",
"method": "GET",
"data": "http://testphp.vulnweb.com/listproducts.php?cat=%27%22%3E%3Cimg%2Fsrc%2Fonerror%3D.1%7Calert%60%60+class%3Ddalfox%3E",
"param": "cat",
"payload": "'\"><img/src/onerror=.1|alert`` class=dalfox>",
"evidence": "48 line: syntax to use near ''\"><img/src/onerror=.1|alert`` class=dalfox>' at line 1",
"cwe": "CWE-79",
"severity": "High"
}