Shouldn't be a bigger issue. I will do that over the weekend.
Regards
2011/7/1 Andres Riancho <andres.rian...@gmail.com>
> Hans,
>
> That's perfect man! The only improvement that I would suggest is based
> on the fact that (as you may already know) there can be more than one
> request/response associated with a vulnerability, so instead of:
>
> details = self._history.read(i.getId()[0])
> <store details to XML>
>
> You should have something like:
>
> for request_id in i.getId():
>     details = self._history.read( request_id )
>     <store details to XML>
>
> Also, the XSD file should be updated. Do you think you could do that?
> Thanks!
>
> Regards,
>
> On Fri, Jul 1, 2011 at 2:25 PM, Hans-Martin Münch
> <hansmartin.mue...@googlemail.com> wrote:
> > Hi
> >
> > I did the "request/response" thing just yesterday night. Please see the
> > attached file (needs some additional testing, and I'm definitely no
> > python pro ;-) )
> >
> > Regards
> >
> > Hans-Martin
> >
> > 2011/7/1 Adrien de Beaupre <adrie...@gmail.com>
> >>
> >> Hi,
> >>
> >> I would like to suggest the following enhancements to the XML output
> >> report.
> >>
> >> 1- In the w3afrun element add an attribute with the current w3af
> >> version as follows:
> >> <w3afrun start="1302267277" startstr="Fri Apr 08 08:54:37 2011"
> >> xmloutputversion="1.00" version="1.1 (from SVN server)" build="r4349">
> >>
> >> 2 - In the vulnerability element add the HTTP request and response for
> >> each discovered issue as follows:
> >> <vulnerability id="[15006]" method="POST" name="SQL injection
> >> vulnerability" plugin="sqli" severity="High"
> >> url="http://crackme.cenzic.com/Kelev/view/updateloanrequest.php"
> >> var="txtAnnualIncome">
> >> SQL injection in a MySQL database was found at: ,
> >> "http://crackme.cenzic.com/Kelev/view/updateloanrequest.php" using
> >> HTTP method POST. The sent post-data was:
> >> "...txtAnnualIncome=d'z"0...". This vulnerability was
> >> found in the request with id 15006.
> >> <httprequest>...
> >> </httprequest>
> >> <httpresponse>...
> >> </httpresponse>
> >> </vulnerability>
> >>
> >> Cheers,
> >> Adrien
> >>
> >>
> >>
> >> ------------------------------------------------------------------------------
> >> All of the data generated in your IT infrastructure is seriously valuable.
> >> Why? It contains a definitive record of application performance, security
> >> threats, fraudulent activity, and more. Splunk takes this data and makes
> >> sense of it. IT sense. And common sense.
> >> http://p.sf.net/sfu/splunk-d2d-c2
> >> _______________________________________________
> >> W3af-develop mailing list
> >> W3af-develop@lists.sourceforge.net
> >> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>
> --
> Andrés Riancho
> Director of Web Security at Rapid7 LLC
> Founder at Bonsai Information Security
> Project Leader at w3af
>
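The loop suggested in the thread, carried through to XML serialization, as an added example that is not the attached patch or w3af's own code. The `history` dict stands in for `self._history`, the per-element `id` and `encoding` attributes are assumptions, and the sample traffic is constructed.

```python
import base64
import re
import xml.etree.ElementTree as ET

# Characters XML 1.0 cannot carry even when escaped (C0 controls, U+FFFE/U+FFFF).
# Raw HTTP bodies often contain them, and ElementTree would emit them unchanged.
_XML_ILLEGAL = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\ufffe\uffff]")


def add_http(parent, tag, request_id, raw):
    """Append one <httprequest>/<httpresponse> child tagged with its request id."""
    node = ET.SubElement(parent, tag, {"id": str(request_id)})
    if _XML_ILLEGAL.search(raw):
        # Keep the report well-formed: ship the bytes as base64 and say so.
        node.set("encoding", "base64")
        node.text = base64.b64encode(raw.encode("utf-8")).decode("ascii")
    else:
        node.text = raw  # <, > and & are escaped when the tree is serialized
    return node


def vulnerability_to_xml(attrs, request_ids, history):
    """Build <vulnerability> with every request/response pair, not only the first."""
    vuln = ET.Element("vulnerability", attrs)
    for request_id in request_ids:
        request, response = history[request_id]
        add_http(vuln, "httprequest", request_id, request)
        add_http(vuln, "httpresponse", request_id, response)
    return vuln


# Constructed sample traffic: id -> (raw request, raw response).
SAMPLE_HISTORY = {
    15006: ("POST /update.php HTTP/1.1\r\nHost: target.example\r\n\r\nincome=d'z\"0",
            "HTTP/1.1 200 OK\r\n\r\n<b>You have an error in your SQL syntax</b>"),
    15007: ("GET /update.php HTTP/1.1\r\nHost: target.example\r\n\r\n",
            "HTTP/1.1 200 OK\r\n\r\n\x00\x01binary"),
}


def render_sample():
    """Serialize one finding that references two request ids."""
    attrs = {"id": "[15006, 15007]", "plugin": "sqli", "severity": "High"}
    vuln = vulnerability_to_xml(attrs, [15006, 15007], SAMPLE_HISTORY)
    return ET.tostring(vuln, encoding="unicode")


if __name__ == "__main__":
    print(render_sample())
```

Response bodies are controlled by the scanned application, so a report consumer should treat the decoded content as untrusted data when displaying it.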