Merge pull request #14760 from lu4nx/add-post-reflected-xss

reflected-xss.yaml: add support for POST requests
2026-01-31 15:53:33 +08:00 · 2026-01-15 23:37:30 +05:30
parent d382e5c2ea 10ded2ad2a
commit e6bda08936
1 changed files with 9 additions and 1 deletions
--- a/dast/vulnerabilities/xss/reflected-xss.yaml
+++ b/dast/vulnerabilities/xss/reflected-xss.yaml
@@ -15,13 +15,21 @@ http:
  - pre-condition:
      - type: dsl
        dsl:
+          - 'method == "POST"'
          - 'method == "GET"'
+        condition: or

    payloads:
      reflection:
        - "'\"><{{first}}>"

    fuzzing:
+      - part: body
+        type: postfix
+        mode: single
+        fuzz:
+          - "{{url_encode(reflection)}}"
+
      - part: query
        type: postfix
        mode: single
@@ -47,4 +55,4 @@ http:
        part: content_type
        words:
          - "text/html"
-# digest: 490a00463044022030f20275349609941dc22dc277024f1a68a1e0e01a361d80ec923d1ad1f838ea02202ba948e17d033abf38602d49193da8e3f7b801dde81371e9377af43c6002828a:922c64590222798bb761d5b6d8e72950
+# digest: 490a00463044022030f20275349609941dc22dc277024f1a68a1e0e01a361d80ec923d1ad1f838ea02202ba948e17d033abf38602d49193da8e3f7b801dde81371e9377af43c6002828a:922c64590222798bb761d5b6d8e72950