Shatter,

On Wed, Oct 21, 2009 at 10:20 AM,  <shat...@shatter-blog.net> wrote:
> Hello,
>
> Thanks for the fix Raul, I had not pointed out this problem :s

Please see this [0] commit. It includes a slightly modified version of
your plugin. The modifications I made were:

- Removed the usage of BeautifulSoup
- Added the check to see if the xss was fixed or not (as reported by xssed.com)
- Changed the messages a little bit
- Rewrote _decode_xssed_url in order to be read easily

Thanks, and keep the cool plugins flowing ;)

[0] http://w3af.svn.sourceforge.net/viewvc/w3af?view=rev&revision=3096

>
> On Wed, 21 Oct 2009 09:53:10 +0200, Raul Siles <raul.si...@gmail.com>
> wrote:
>> Hi there,
>> There is a false positive issue regarding XSSed.com. If you search by
>> "google.com", it then displays all previously seen XSS flaws on
>> domains ending up on google.com. E.g. previous xssed page:
>> http://www.aramamotoru-google.com.
>>
>> In order to just get all XSSed pages for websites under exactly the
>> given root domain, it is required to append a "." in front of the
>> domain.
>>
>> The attached plug-in includes the "." fix.
>>
>> BTW, Andres, is there a way of refreshing the list of plug-ins without
>> restarting w3af? If not, here you are a new enhancement request ;)
>>
>> Cheers,
>> --
>> Raul Siles
>> www.raulsiles.com
>>
>>
>>
>> On Sun, Oct 18, 2009 at 6:13 PM, Andres Riancho
>> <andres.rian...@gmail.com> wrote:
>>> List,
>>>
>>>    I'm a little bit flooded with work (at least for today). Could
>>> anyone please review this plugin? Thanks!
>>>
>>> Cheers,
>>>
>>> On Sun, Oct 18, 2009 at 7:38 AM, shatter <shat...@shatter-blog.net>
>>> wrote:
>>>> Hello everybody,
>>>>
>>>> I'm new on this mailing list so I don't know exactly how it works to
>>>> publish a new plugin...
>>>>
>>>> I am a French developer (sorry for my English :s ) and I made a new plugin
>>>> for w3af: xssedDotCom. This plugin parses the xssed.com database in order to
>>>> find xssed pages, and gives an example of each xssed page.
>>>>
>>>> Do you accept this plugin?
>>>>
>>>> Shatter
>>>>
>>>> PS : Congratulations to Andres Riancho and all the developers for this
>>>> excellent framework :-)
>>>>
>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>> Come build with us! The BlackBerry(R) Developer Conference in SF, CA
>>>> is the only developer event you need to attend this year. Jumpstart your
>>>> developing skills, take BlackBerry mobile applications to market and stay
>>>> ahead of the curve. Join us from November 9 - 12, 2009. Register now!
>>>> http://p.sf.net/sfu/devconference
>>>> _______________________________________________
>>>> W3af-develop mailing list
>>>> W3af-develop@lists.sourceforge.net
>>>> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>>>>
>>>>
>>>
>>>
>>>
>>> --
>>> Andrés Riancho
>>> Founder, Bonsai - Information Security
>>> http://www.bonsai-sec.com/
>>> http://w3af.sf.net/
>>>
>>>
>>>
>



-- 
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/
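
Added example, not part of the thread and not the plugin's code: the false positive Raul describes, modelled as a host-name suffix test (an assumption about how the search behaves), next to the "." fix and a label-boundary check that also keeps the bare root domain. All function names and every sample URL except the first are constructed for illustration.

```python
from urllib.parse import urlsplit


def _hostname(value):
    """Return the lower-cased host of a URL or bare host name."""
    value = value.strip()
    # urlsplit only fills in .hostname when a network location is present.
    if "://" not in value:
        value = "//" + value
    host = urlsplit(value).hostname or ""
    return host.rstrip(".")  # drop the trailing dot of a fully qualified name


def naive_match(url, root_domain):
    """Plain suffix test: reproduces the false positive from the thread."""
    return _hostname(url).endswith(_hostname(root_domain))


def dotted_match(url, root_domain):
    """Suffix test with a leading '.', modelling the fix from the thread."""
    return _hostname(url).endswith("." + _hostname(root_domain))


def strict_match(url, root_domain):
    """Label-boundary test: the root domain itself or any subdomain of it."""
    host, root = _hostname(url), _hostname(root_domain)
    if not host or not root:
        return False
    return host == root or host.endswith("." + root)


# Constructed sample entries; only the first URL appears in the thread.
SAMPLE = [
    "http://www.aramamotoru-google.com",
    "http://mail.google.com/a?q=1",
    "http://GOOGLE.com./",
    "http://google.com.example.org/",
]


def filter_entries(entries, root_domain, matcher):
    """Keep only the entries whose host passes the given matcher."""
    return [e for e in entries if matcher(e, root_domain)]


if __name__ == "__main__":
    for fn in (naive_match, dotted_match, strict_match):
        print(fn.__name__, filter_entries(SAMPLE, "google.com", fn))
```

Under this model the leading "." removes the look-alike domain but also drops entries recorded against the bare root domain, which the label-boundary check keeps.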
