Hi, all! First, I'm glad to say that w3af can now fuzz rewritten URLs [0]. It was really easy to implement, using fuzzFileName as a template.
Second, tests have shown that the XSS strings in our audit plugin are not always enough to find XSS. For example, I have this .htaccess:
Options -MultiViews
RewriteEngine on
RewriteBase /
RewriteRule ^article/([^\/]+)$ news.php?id=$1 [L]
and this vulnerable piece of code:
<body>
<h1>News for <?php echo $id ?></h1>
<p>
In this case the XSS was not found because of the '&' character. So I have just added a very simple test string:
xss_tests.append(("<RANDOMIZE>\"'", [browsers.ALL, ]))
How to test fuzzURLParts:
1. extract news.tar.gz into vhost dir
2. svn co rewritten-urls branch
3. run ./w3af_console -s scripts/script-fuzzURLParts.w3af
[0] https://w3af.svn.sourceforge.net/svnroot/w3af/branches/rewritten-urls
--
Taras
http://oxdef.info
Attachment: news.tar.gz (application/gzip)
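To make the '&' problem concrete, here is an added Python model (not part of w3af or of this post) of the RewriteRule above: mod_rewrite substitutes $1 into the target unescaped, so an '&' inside the path segment splits the query string and $id only receives the part before it. The probe strings and helper names are constructed for this illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed model of the rule from the .htaccess in the post:
#   RewriteRule ^article/([^\/]+)$ news.php?id=$1 [L]
REWRITE_PATTERN = re.compile(r"^article/([^/]+)$")
REWRITE_TARGET = "news.php?id=\\1"


def rewrite(path):
    """Return the internal URL for `path`, or None when the rule does not match.

    $1 is inserted verbatim, which is what mod_rewrite does unless the
    [B] (escape backreferences) flag is given.
    """
    m = REWRITE_PATTERN.match(path)
    if m is None:
        return None
    return REWRITE_TARGET.replace("\\1", m.group(1))


def php_id(internal_url):
    """Value that $id receives once PHP splits the query string on '&'."""
    query = urlsplit(internal_url).query
    return parse_qs(query, keep_blank_values=True).get("id", [""])[0]


def reflected_intact(payload):
    """True when the whole probe reaches $id, i.e. the echo can reflect it."""
    internal = rewrite("article/" + payload)
    return internal is not None and php_id(internal) == payload


if __name__ == "__main__":
    # Constructed probes: one containing '&' (lost after the rewrite),
    # and the simple string added in the post (survives intact).
    for probe in ('<RANDOMIZE>&"\'', '<RANDOMIZE>"\''):
        print(repr(probe), "->", repr(php_id(rewrite("article/" + probe))),
              "intact" if reflected_intact(probe) else "truncated")
```

The truncated probe explains the missed finding: the scanner's marker never comes back whole, so the reflection check fails even though the echo is unescaped.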
W3af-develop mailing list
https://lists.sourceforge.net/lists/listinfo/w3af-develop
