Hi there,
There is a false positive issue regarding XSSed.com. If you search by
"google.com", it then displays all previously seen XSS flaws on
domains ending up on google.com. E.g., previous XSSed page:
http://www.aramamotoru-google.com.

In order to just get all XSSed pages for websites under exactly the
given root domain, it is required to append a "." in front of the
domain.

The attached plug-in includes the "." fix.

BTW, Andres, is there a way of refreshing the list of plug-ins without
restarting w3af? If not, here you are a new enhancement request ;)

Cheers,
--
Raul Siles
www.raulsiles.com



On Sun, Oct 18, 2009 at 6:13 PM, Andres Riancho
<andres.rian...@gmail.com> wrote:
> List,
>
>    I'm a little bit flooded with work (at least for today). Could
> anyone please review this plugin? Thanks!
>
> Cheers,
>
> On Sun, Oct 18, 2009 at 7:38 AM, shatter <shat...@shatter-blog.net> wrote:
>> Hello everybody,
>>
>> I'm new on this mailing list so I don't know exactly how it works to
>> publish a new plugin...
>>
>> I am a French developer (sorry for my English :s ) and I made a new plugin
>> for w3af: xssedDotCom. This plugin parses the xssed.com database in order to
>> find XSSed pages, and gives an example of each XSSed page.
>>
>> Do you accept this plugin?
>>
>> Shatter
>>
>> PS : Congratulations to Andres Riancho and all the developers for this
>> excellent framework :-)
>>
>>
>> ------------------------------------------------------------------------------
>> Come build with us! The BlackBerry(R) Developer Conference in SF, CA
>> is the only developer event you need to attend this year. Jumpstart your
>> developing skills, take BlackBerry mobile applications to market and stay
>> ahead of the curve. Join us from November 9 - 12, 2009. Register now!
>> http://p.sf.net/sfu/devconference
>> _______________________________________________
>> W3af-develop mailing list
>> W3af-develop@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>>
>>
>
>
>
> --
> Andrés Riancho
> Founder, Bonsai - Information Security
> http://www.bonsai-sec.com/
> http://w3af.sf.net/
>

Attachment: xssedDotCom.py
Description: Binary data
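
The domain-boundary check discussed in the message above, as an added example (this is not the attached xssedDotCom.py and not w3af code). It filters result URLs locally so that only the root domain and its subdomains are kept; the function names and all sample URLs except the one quoted in the message are constructed for illustration.

```python
from urllib.parse import urlsplit


def normalize_host(value):
    """Lower-cased hostname of a URL or bare host, without port or trailing dot."""
    value = value.strip()
    # urlsplit only fills .hostname when a "//" authority marker is present
    if "://" not in value:
        value = "//" + value
    try:
        host = urlsplit(value).hostname or ""
    except ValueError:  # malformed authority, e.g. unbalanced IPv6 brackets
        return ""
    return host.rstrip(".").lower()


def naive_match(url, root):
    """Plain suffix match: the behaviour that produces the false positive."""
    return normalize_host(url).endswith(normalize_host(root))


def is_under_root(url, root):
    """True only for the root domain itself or a host ending in '.' + root."""
    host, root = normalize_host(url), normalize_host(root)
    if not host or not root:
        return False
    return host == root or host.endswith("." + root)


def filter_results(urls, root):
    """Keep only the URLs whose host really belongs to the root domain."""
    return [u for u in urls if is_under_root(u, root)]


# Sample search results; only the first URL comes from the message, the rest are constructed
SAMPLE = [
    "http://www.aramamotoru-google.com",
    "http://www.google.com/search?q=x",
    "http://GOOGLE.com:80/",
    "https://mail.google.com.",
    "http://google.com.example.org/",
    "http://notgoogle.com/",
]

if __name__ == "__main__":
    for url in SAMPLE:
        print(url, "naive:", naive_match(url, "google.com"),
              "boundary:", is_under_root(url, "google.com"))
```

Matching on "." + root alone would drop results for the bare root domain, which is why the exact-host comparison is kept alongside it.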
