Cookie and User-Agent), and the Payload provided by the user.
scripts/replay.py execution script.
python3 scripts/replay.py --url "{URL}" --method "{METHOD}" --data "{PAYLOAD}" --headers "{JSON_HEADERS}"
500 Internal Server Error (often indicates syntax escape or fatal exception).
body_snippet for signature keywords: SQLSTATE, Syntax error, ExtractValue, XPATH syntax error, Call to undefined function, etc.
Output Format below.

[+] PoC Validation Report
[*] Target Interface : {Method} {URL}
[*] Test Payload : {The critical injection code/payload}
[*] Response Status: {Status Code} (e.g., 200 OK / 500 Internal Server Error)
[!] Analysis Conclusion:
{Clearly state if the vulnerability exists. E.g., "SQL Error-Based Injection confirmed. Successfully captured SQLSTATE[42000] exception." or "Injection failed. The target returned 200 OK with sanitized input."}
[-] Critical Evidence / Stack Trace:
{The extracted error logs or relevant response snippet demonstrating the vulnerability}
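
An added example (not part of the original skill or its scripts/replay.py): one way to apply the status and body_snippet checks above offline and fill in the report template. The function names, the "Inconclusive" verdict for a 500 without a signature, and the sample response are assumptions constructed for illustration.

```python
import re

# Signature keywords listed on the page; matching is case-insensitive.
SIGNATURES = ["SQLSTATE", "Syntax error", "ExtractValue",
              "XPATH syntax error", "Call to undefined function"]
REASONS = {200: "OK", 500: "Internal Server Error"}


def analyze(body_snippet):
    """Return (matched_signatures, evidence_lines) for a response body."""
    matched, evidence = [], []
    for line in body_snippet.splitlines():
        hits = [s for s in SIGNATURES if re.search(re.escape(s), line, re.I)]
        if hits:
            evidence.append(line.strip())
            matched += [h for h in hits if h not in matched]
    return matched, evidence


def render_report(method, url, payload, status, body_snippet):
    matched, evidence = analyze(body_snippet)
    if matched:
        conclusion = "Error signature captured: " + ", ".join(matched) + "."
    elif status == 500:
        # Assumption: a 500 alone is a hint, not evidence.
        conclusion = "Inconclusive. 500 returned but no signature keyword found."
    else:
        conclusion = "Injection failed. No signature keyword in body_snippet."
    return "\n".join([
        "[+] PoC Validation Report",
        f"[*] Target Interface : {method} {url}",
        f"[*] Test Payload : {payload}",
        f"[*] Response Status: {status} {REASONS.get(status, '')}".rstrip(),
        "[!] Analysis Conclusion:",
        conclusion,
        "[-] Critical Evidence / Stack Trace:",
        "\n".join(evidence) or "(none)",
    ])


# Constructed sample response, not captured from any real system.
SAMPLE_BODY = """Fatal error: Uncaught PDOException:
SQLSTATE[42000]: Syntax error or access violation: 1064
  thrown in /app/example.php on line 12"""

if __name__ == "__main__":
    print(render_report("POST", "http://app.test/api/item",
                        "{PAYLOAD}", 500, SAMPLE_BODY))
```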