JS Prime not finding the XSS vulnerability #22
Here, document.write("hello" + document.location.href.substring(8) + "bye"); gets assigned as below. Function Name: []. In the asignFunctionReturnValue() function this was with respect to case2: real_func_call and real_func_names. That's why the XSS couldn't be found.
{"type":"BinaryExpression","operator":"+","left":{"type":"CallExpression","callee":{"type":"MemberExpression","computed":false,"object":{"type":"MemberExpression","computed":false,"object":{"type":"MemberExpression","computed":false,"object":{"type":"Identifier","name":"document","loc":{"start":{"line":1,"column":16},"end":{"line":1,"column":24}}},"property":{"type":"Identifier","name":"location","loc":{"start":{"line":1,"column":25},"end":{"line":1,"column":33}}},"loc":{"start":{"line":1,"column":16},"end":{"line":1,"column":33}}},"property":{"type":"Identifier","name":"href","loc":{"start":{"line":1,"column":34},"end":{"line":1,"column":38}}},"loc":{"start":{"line":1,"column":16},"end":{"line":1,"column":38}}},"property":{"type":"Identifier","name":"substring","loc":{"start":{"line":1,"column":39},"end":{"line":1,"column":48}}},"loc":{"start":{"line":1,"column":16},"end":{"line":1,"column":48}}},"arguments":[{"type":"Literal","value":8,"raw":"8","loc":{"start":{"line":1,"column":49},"end":{"line":1,"column":50}}}],"loc":{"start":{"line":1,"column":16},"end":{"line":1,"column":51}}},"right":{"type":"Literal","value":"bye","raw":"\"bye\"","loc":{"start":{"line":1,"column":52},"end":{"line":1,"column":57}}},"loc":{"start":{"line":1,"column":16},"end":{"line":1,"column":57}}}
In engine.js, at the getFunction() method in the flow
document.write("hello" + document.location.href.substring(8) + "bye");
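This is a very common example of an XSS vulnerability: the URL-derived value document.location.href is passed, unsanitized, into document.write. JS Prime is not able to detect it. Is there any workaround for this?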