Taras,

On Tue, Dec 13, 2011 at 6:06 AM, Taras <ox...@oxdef.info> wrote:
> Hi, all!
>
> For the first, I'm glad to say that now w3af can fuzz rewritten URLs [0].

w0000t ! That's really good news!

> It was really easy to implement using as template fuzzFileName.

Good to hear I was able to point you to the correct code location :)

> For the second, tests have shown that our xss strings in audit plugin are not
> always enough to find XSS. For example, I have such .htaccess:
>
> Options -MultiViews
> RewriteEngine on
> RewriteBase /
> RewriteRule ^article/([^\/]+)$ news.php?id=$1 [L]
>
> and vuln piece of code:
>
> <body>
> <h1>News for <?php echo $id ?></h1>
> <p>
>
> In this case XSS was not found because of '&' character. So I have just
> added very simple test string:
>
> xss_tests.append(("<RANDOMIZE>\"'", [browsers.ALL, ]))

Instead of doing this, have you tried to URL encode the payload (and
specifically the &) before using it as part of a path?

> How to test fuzzURLParts:
> 1. extract news.tar.gz into vhost dir
> 2. svn co rewritten-urls branch
> 3. run ./w3af_console -s scripts/script-fuzzURLParts.w3af
>
> [0] https://w3af.svn.sourceforge.net/svnroot/w3af/branches/rewritten-urls

This is my review for these changes [0], which seem to be the only
ones in the branch.

I would keep the same name, no need to add a new "fuzzedUrlParts"
string. I would simply keep using fuzzURLParts so that when someone
performs a code grep they can easily find all related parts

    if cf.cf.getData('fuzzURLParts'):
        _fuzzable['fuzzedUrlParts'] = None

In the future please try to use "moth" as your target test server so
that we can easily merge those changes into our servers without
changing the scripts or web apps

    target
    set target http://news/article/1
    back

All in all... as usual... GREAT work! Let's discuss these two or three
open items we have left from this email and I'll merge to trunk.

[0] http://sourceforge.net/apps/trac/w3af/changeset/4526 ,
http://sourceforge.net/apps/trac/w3af/changeset/4536 ,
http://sourceforge.net/apps/trac/w3af/changeset/4537 ,
http://sourceforge.net/apps/trac/w3af/changeset/4567

> --
> Taras
> http://oxdef.info

--
Andrés Riancho
Director of Web Security at Rapid7 LLC
Founder at Bonsai Information Security
Project Leader at w3af

_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
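
Added example, not part of the original message and not w3af's code: a sketch of the URL-encoding approach suggested in the reply above, generating one mutant per path segment of a rewritten URL with the payload percent-encoded. The names fuzz_url_parts, decoded_segments and SAMPLE_PAYLOAD are hypothetical, and the probe string is constructed for illustration.

```python
from urllib.parse import quote, unquote, urlsplit, urlunsplit

# Constructed probe string containing '&' (not one of w3af's own xss_tests).
SAMPLE_PAYLOAD = "<RANDOMIZE>&\"'"


def fuzz_url_parts(url, payload, encode=True):
    """Return one mutant URL per non-empty path segment of `url`.

    With encode=True the payload is percent-encoded with no "safe"
    characters, so '&', '/', '?', '#' and quotes cannot alter the URL
    structure and the payload travels as a single path segment.
    """
    parts = urlsplit(url)
    segments = parts.path.split("/")
    token = quote(payload, safe="") if encode else payload
    mutants = []
    for i, segment in enumerate(segments):
        if not segment:  # skip the empty strings around leading/trailing '/'
            continue
        mutated = segments[:i] + [token] + segments[i + 1:]
        mutants.append(urlunsplit(
            (parts.scheme, parts.netloc, "/".join(mutated),
             parts.query, parts.fragment)))
    return mutants


def decoded_segments(url):
    """Split the path into segments first, then percent-decode each one."""
    return [unquote(s) for s in urlsplit(url).path.split("/") if s]


if __name__ == "__main__":
    target = "http://news/article/1"  # target URL from the test script above
    for mutant in fuzz_url_parts(target, SAMPLE_PAYLOAD):
        print(mutant, decoded_segments(mutant))
    # A payload with URL-reserved characters, sent raw, is re-split by the parser:
    raw = fuzz_url_parts(target, "a/b?c&d#e", encode=False)[1]
    print(raw, decoded_segments(raw))
```

Whether the encoded '&' reaches the application intact still depends on how the server's rewrite rule handles the decoded segment.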