
The "vulnerability name" field in the output report shows as test #18

@oldhand2016

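Issue 1: I tried passive scanning and found that the generated report is rather monotonous; it feels fairly low-end. If this is the free, community-type version, I suggest settling the classification properly, for example SQL injection, RCE, XSS, or simply following the OWASP categories.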

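Issue 2: The report also contains response values that are garbled. These points are rather blunt; I hope you keep getting better.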
Request
GET /bWAPP/htmli_get.php
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.5
Connection: close
Content-Type: application/x-www-form-urlencoded
Cookie: PHPSESSID=egr8fmvst3alet45nltho3c6f5; security_level=0
Origin: http://10.10.2.58:30010
Referer: http://10.10.2.58:30010/bWAPP/sqli_1.php
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0

bug=2&form_bug=submit

Response
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Encoding: gzip
Content-Length: 3570
Content-Type: text/html; charset=UTF-8
Date: Fri, 31 Mar 2023 10:44:40 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Server: Apache/2.4.18 (Ubuntu)
Vary: Accept-Encoding
