[W3af-develop] XML Output enhancement recommendation

Adrien de Beaupre Fri, 01 Jul 2011 08:54:10 -0700

Hi,

I would like to suggest the following enhancements to the XML output report.


1- In the w3afrun element add an attribute with the current w3af
version as follows:
<w3afrun start="1302267277" startstr="Fri Apr 08 08:54:37 2011"
xmloutputversion="1.00" version" 1.1 (from SVN server)" build"r4349">

2 - In the vulnerability element add the HTTP request and response for
each discovered issue as follows:
    <vulnerability id="[15006]" method="POST" name="SQL injection
vulnerability" plugin="sqli" severity="High"
url="http://crackme.cenzic.com/Kelev/view/updateloanrequest.php";
var="txtAnnualIncome">
        SQL injection in a MySQL database was found at: ,
&quot;http://crackme.cenzic.com/Kelev/view/updateloanrequest.php&quot;using
HTTP method POST. The sent post-data was:
&quot;...txtAnnualIncome=d'z&quot;0...&quot;. This vulnerability was
found in the request with id 15006.
           <httprequest>...
           </httprequest>
           <httpresponse>...
           </httpresponse>
    </vulnerability>

Cheers,
Adrien

------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security 
threats, fraudulent activity, and more. Splunk takes this data and makes 
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop

[W3af-develop] XML Output enhancement recommendation

Reply via email to