Re: [W3af-develop] [W3af-svn-notify] SF.net SVN: w3af:[5502] branches/xss/plugins/tests/audit/test_xss.py

Sat, 04 Aug 2012 08:19:46 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Taras,

        There is a test in WAVSEP that I think we won't be able to pass
because of a performance improvement that w3af has:

('Case32-Tag2HtmlPageScopeValidViewstateRequired.jsp', 'userinput',
['userinput', '__VIEWSTATE']),

        If this means that w3af should find XSS vuln in __VIEWSTATE, I think
it won't be possible because in fuzzer.py we have IGNORED_PARAMETERS
that contains it.

        Of course we could change that... but I don't think it will make much
sense. Just wanted to let you know beforehand so you know what's going
on when that test is not passed.

Regards,

On 08/04/2012 10:16 AM, ox...@users.sourceforge.net wrote:
> Revision: 5502 
> http://w3af.svn.sourceforge.net/w3af/?rev=5502&view=rev Author:
> oxdef Date:     2012-08-04 13:16:16 +0000 (Sat, 04 Aug 2012) Log
> Message: ----------- Fixed tests
> 
> Modified Paths: -------------- 
> branches/xss/plugins/tests/audit/test_xss.py
> 
> This was sent by the SourceForge.net collaborative development
> platform, the world's largest Open Source development site.
> 
> 
> ------------------------------------------------------------------------------
>
> 
Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and 
> threat landscape has changed and how IT managers can respond.
> Discussions will include endpoint security, mobile security and the
> latest in malware threats.
> http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ 
> _______________________________________________ W3af-svn-notify
> mailing list w3af-svn-not...@lists.sourceforge.net 
> https://lists.sourceforge.net/lists/listinfo/w3af-svn-notify
> 



- -- 
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAlAdPXYACgkQLgy+VpPDRPPoeACfT0E2CDyx7xLHjlGcSmv5YtoK
T9oAnAiRHO8zbmorJGHR+OGEFtX7E2OS
=rXXC
-----END PGP SIGNATURE-----

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop

Reply via email to