Hello, all!

First, have you ever met a webapp which generates its content with JavaScript (processing document.location and so on)? Something like http://dumpz.org/16356/
You can open such HTML with the param foo=<script>alert(/XSS/)</script>

Second, it's very hard to find such holes with w3af and other scanners which can't execute client-side code. Good news! We can (can we?) use Selenium for this purpose, which has a Python API =) What do you think about it?

Taras
--
"Software is like sex: it's better when it's free." - Linus Torvalds

_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
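
Added example, not part of the original message and not w3af code: a static heuristic that a scanner which cannot execute JavaScript could run over a response body, flagging inline scripts where a value read from document.location reaches document.write or innerHTML. It is a different technique from the Selenium approach the message proposes; the function names and both sample pages are constructed for illustration.

```python
import re

# Heuristic, non-exhaustive lists: URL-derived DOM sources and HTML-rendering sinks.
SOURCES = re.compile(r"\b(?:document\.(?:location|URL|referrer)"
                     r"|(?:window\.)?location\.(?:href|search|hash))\b")
SINKS = re.compile(r"(document\.write(?:ln)?\s*\(|\.(?:inner|outer)HTML\s*\+?=(?!=))(.*)")
ASSIGN = re.compile(r"(?:(?:var|let|const)\s+)?([A-Za-z_$][\w$]*)\s*=(?!=)\s*(.+)")
INLINE_SCRIPT = re.compile(r"<script\b[^>]*>(.*?)</script\s*>", re.S | re.I)


def is_tainted(expr, tainted):
    """True if expr reads a source or a variable already derived from one."""
    return bool(SOURCES.search(expr)) or any(
        re.search(r"(?<![\w$.])" + re.escape(v) + r"(?![\w$])", expr) for v in tainted)


def find_dom_xss(html):
    """Return (sink, statement) pairs where URL-derived data reaches an HTML sink."""
    findings = []
    for script in INLINE_SCRIPT.findall(html):
        tainted = set()  # variable names assigned from a source, tracked per script
        # Naive statement split: good enough for a first-pass flag, not a JS parser.
        for stmt in (s.strip() for s in re.split(r"[;\n]", script)):
            sink, assign = SINKS.search(stmt), ASSIGN.match(stmt)
            if sink and is_tainted(sink.group(2), tainted):
                findings.append((sink.group(1).strip(" .(+="), stmt))
            elif not sink and assign and is_tainted(assign.group(2), tainted):
                tainted.add(assign.group(1))
    return findings


# Constructed sample pages (not the paste linked in the message).
VULNERABLE = """<html><body><script>
var q = document.location.search.substring(1);
var foo = decodeURIComponent(q.split("foo=")[1] || "");
document.write("<p>Hello " + foo + "</p>");
</script></body></html>"""

# Same feature, but the value is written as text, so no HTML sink is involved.
HARDENED = """<html><body><p id="out"></p><script>
var foo = new URLSearchParams(location.search).get("foo") || "";
document.getElementById("out").textContent = "Hello " + foo;
</script></body></html>"""

if __name__ == "__main__":
    for name, page in (("vulnerable", VULNERABLE), ("hardened", HARDENED)):
        print(name, find_dom_xss(page))
```

A hit from this check is a candidate only; sanitising functions and code in external script files are not modelled.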