DanMcInerney/xsscrapy

Please fix this: lots of false positives

PauloChoupina opened this issue · 0 comments

example: tesla.txt

Basically, your script injected this string:
1zqjoz'"(){}:1zqjoz;9

And in the response it found:
1zqjar'%22()%7b%7d%3cx%3e:1zqjar;9

And reports it as a valid bug?!

THE INPUT IS PROPERLY HANDLED.
There is no vulnerability.

I am tired of getting this, could you please fix it?
I have a tool of my own and it has far fewer false positives than yours, this should be easy to fix (but I don't know).

Could you prioritise this?

PS: I love your tool, it's just that this false positive thing is annoying.
All the best!
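
The kind of check this report asks for, as an added example that is not part of the issue and not xsscrapy's code: it classifies each probe character in the reflected string as raw, encoded or absent, and flags a finding only when the characters a given context needs came back raw. The function names and the `BREAKOUT` context table are assumptions made for illustration; the response string is the one quoted in the issue.

```python
import html
import re
from urllib.parse import unquote

# Percent-escapes and HTML entities: the two encodings a server typically applies.
ENCODED = re.compile(r"%[0-9a-fA-F]{2}|&(?:#\d+|#[xX][0-9a-fA-F]+|[A-Za-z]+);")

# Assumption: characters that must come back raw for each reflection context.
BREAKOUT = {"html_text": "<>", "attr_double": '"', "attr_single": "'"}


def classify_reflection(body, delim, probe_chars):
    """Map each probe character to 'raw', 'encoded' or 'absent' in the reflection."""
    m = re.search(re.escape(delim) + "(.*?)" + re.escape(delim), body, re.S)
    if m is None:
        return {c: "absent" for c in probe_chars}
    segment = m.group(1)
    # Decode every encoded token to learn which characters were neutralised.
    decoded = {html.unescape(unquote(t)) for t in ENCODED.findall(segment)}
    # What is left after removing the tokens came back byte-for-byte.
    raw_part = ENCODED.sub("", segment)
    return {
        c: "raw" if c in raw_part else "encoded" if c in decoded else "absent"
        for c in probe_chars
    }


def reportable(context, classes):
    """Report only when every character the context needs survived raw."""
    return all(classes.get(c) == "raw" for c in BREAKOUT[context])


# Response string quoted in the issue above.
RESPONSE = "1zqjar'%22()%7b%7d%3cx%3e:1zqjar;9"
CLASSES = classify_reflection(RESPONSE, "1zqjar", "'\"(){}<>:")

if __name__ == "__main__":
    for ch, state in CLASSES.items():
        print(repr(ch), state)
    for ctx in BREAKOUT:
        print(ctx, reportable(ctx, CLASSES))
```

The reflection context (HTML text, quoted attribute, and so on) has to be determined from the response separately; this block only decides whether the characters that context needs survived.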