On 16.02.2012 23:50, Andres Riancho wrote:
> Achim,
>> escaped or removed angle braces:
>> continue with tag or attribute injection
>
> If and only if we're not in a TEXT (TEXT) section, because
> we're never going to be able to execute JS if we don't create some
> kind of new tag and are in
Daniel,
On Thu, Feb 16, 2012 at 12:59 PM, Daniel Zulla wrote:
> Nevertheless,
>
> I just wanted to point out that not every library seems to properly
> validate/sanitize all the input:
> (core/data/url/handlers/redirect.py)
>
> # fix a possible malformed URL
> urlparts = urlparse.u
Martin,
On Thu, Feb 16, 2012 at 6:36 PM, Martin Holst Swende wrote:
> Hi,
> on n900, so I'll be brief.
> There are lots of xss filters, and many of them send you to a different
> page (frontpage or errorpage) when it detects xss attempts. Therefore, I
> think it is better to start with a non-mal
Achim,
On Thu, Feb 16, 2012 at 6:01 PM, Achim Hoffmann wrote:
> Hi Andrés,
>
> I'd start with the following (the payload literally):
>
> uniqew3afid"' foo=bar -->
>
> The goal is to detect XSS in most variants, so how it works:
> uniqew3afid - find payload in response (reflected)
> "'
Hi,
on n900, so I'll be brief.
There are lots of xss filters, and many of them send you to a different page
(frontpage or errorpage) when it detects xss attempts. Therefore, I think it is
better to start with a non-malicious payload and go from there:
1. Check reflection with unique string.
2.
Hi Andrés,
I'd start with the following (the payload literally):
uniqew3afid"' foo=bar -->
The goal is to detect XSS in most variants, so how it works:
uniqew3afid - find payload in response (reflected)
"' - test if single and/or double quotes are encoded
Martin, Taras,
While trying to code the new xss.py I've found myself in a
situation where I see that it's difficult to cover all cases. Just to
make sure we're talking about the same thing, what we're trying to do
is to detect reflected XSS vulnerabilities with the lowest amount of
HTTP reques
On 02/16/2012 07:54 PM, Andres Riancho wrote:
> <>"'(); and find the same string in the response, that doesn't
> confirm an XSS (there might be a filter that removes the inputs with
> "script" in it)
That may be true, but if input can break HTML context - it's a
vulnerability. Actually finding
an XS
Martin,
On Thu, Feb 25, 2010 at 1:39 PM, Andres Riancho wrote:
> Martin,
>
> On Wed, Feb 24, 2010 at 4:18 PM, Martin Holst Swende wrote:
>> Hi all,
>>
>> I was browsing through the code for the xss-module, when I came upon a
>> strange thing :
>>
>> # Analyze the response
>> allowed
Nevertheless,
I just wanted to point out that not every library seems to properly
validate/sanitize all the input:
(core/data/url/handlers/redirect.py)
# fix a possible malformed URL
urlparts = urlparse.urlparse(newurl)
if not urlparts.path:
urlparts = list(ur
Daniel,
On Thu, Feb 16, 2012 at 10:38 AM, Daniel Zulla wrote:
> All software has vulnerabilities, it's in their nature :)
>
>
> Right.
>
> Don't really. As soon as the byte string enters w3af, the best
> thing to do is to decode it using the best encoding available (the one
> in Content-Enc
> All software has vulnerabilities, it's in their nature :)
Right.
> Don't really. As soon as the byte string enters w3af, the best
> thing to do is to decode it using the best encoding available (the one
> in Content-Encoding header, or some other we might have in the HTTP
> response) and
Daniel,
On Thu, Feb 16, 2012 at 10:07 AM, Daniel Zulla wrote:
> I have analyzed some closed source vulnerability scanners, and audited open
> source scanners like skipfish.
> Some of them are ironically vulnerable. Somebody may create an apache2 module
> that recognizes attacks in order to forc
I have analyzed some closed source vulnerability scanners, and audited open
source scanners like skipfish.
Some of them are ironically vulnerable. Somebody may create an apache2 module
that recognizes attacks in order to force penetration testers' software to
crash (or worse, e.g. to execute arb
Hmmm, imho, releases give end users (including
production systems) the opportunity to run a **stable** version of w3af. Even Chrome and
Firefox with autoupdate features have releases and furthermore LTS
versions. The trunk version can't be stable by its nature. You will not use
e.g. ArchLinux as productio
Daniel,
On Wed, Feb 15, 2012 at 6:33 PM, Daniel Zulla wrote:
> Hi,
> Why do you even want to convert bytestrings to unicode?
Because the remote HTTP server receives a string of bytes, and
sends a string of bytes back to you in the HTTP response.
> Do you have some code / an example where tho