-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Good to hear that :)
On 08/04/2012 04:58 PM, Taras wrote:
> Andres,
>
> It is all right with this test because __VIEWSTATE is used here
> only as CSRF token (not as vulnerable parameter). We already passes
> it.
>
>
>> There is a test in WAVSEP that I think we won't be able to pass
>> because of a performance improvement that w3af has:
>>
>> ('Case32-Tag2HtmlPageScopeValidViewstateRequired.jsp',
>> 'userinput', ['userinput', '__VIEWSTATE']),
>>
>> If this means that w3af should find XSS vuln in __VIEWSTATE, I
>> think it won't be possible because in fuzzer.py we have
>> IGNORED_PARAMETERS that contains it.
>>
>> Of course we could change that... but I don't think it will make
>> much sense. Just wanted to let you know beforehand so you know
>> what's going on when that test is not passed.
>>
>> Regards,
>>
>> On 08/04/2012 10:16 AM, ox...@users.sourceforge.net wrote:
>>> Revision: 5502
>>> http://w3af.svn.sourceforge.net/w3af/?rev=5502&view=rev
>>> Author: oxdef Date: 2012-08-04 13:16:16 +0000 (Sat, 04 Aug
>>> 2012) Log Message: ----------- Fixed tests
>>>
>>> Modified Paths: --------------
>>> branches/xss/plugins/tests/audit/test_xss.py
>>>
>>> This was sent by the SourceForge.net collaborative development
>>> platform, the world's largest Open Source development site.
>>>
>>>
>>> ------------------------------------------------------------------------------
>>>
>>>
>>>
>>
>>>
Live Security Virtual Conference
>>> Exclusive live event will cover all the ways today's security
>>> and threat landscape has changed and how IT managers can
>>> respond. Discussions will include endpoint security, mobile
>>> security and the latest in malware threats.
>>> http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>>> _______________________________________________
>>> W3af-svn-notify mailing list
>>> w3af-svn-not...@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/w3af-svn-notify
>>>
>>
>>
>>
>> - -- Andrés Riancho Project Leader at w3af - http://w3af.org/ Web
>> Application Attack and Audit Framework Twitter: @w3af GPG:
>> 0x93C344F3 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11
>> (GNU/Linux)
>>
>> iEYEARECAAYFAlAdPXYACgkQLgy+VpPDRPPoeACfT0E2CDyx7xLHjlGcSmv5YtoK
>> T9oAnAiRHO8zbmorJGHR+OGEFtX7E2OS =rXXC -----END PGP
>> SIGNATURE-----
>
>
- --
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAlAdsCQACgkQLgy+VpPDRPNRAACdH7CWFU2f9uYZQpE/K/5IvLl8
mbgAnjYFTDMX5V1kwU+Z/HIllhiyod0A
=MTLY
-----END PGP SIGNATURE-----
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
