[W3af-develop] new XSS plugin status

Taras Sat, 04 Aug 2012 06:07:45 -0700

Hi, all!

JFYI: currently I'm working on optimize xss&contect code to pass wavsep 
unittests. One of problems to solve now is double context (How may of 
you watched Inception movie [0]? :):


         <html>
         <input type="button" value="ClickMe" onClick="var 
customerName='PAYLOAD'">
         </html>

As you see here JS context is inside HTML attribute (JS event handler) 
onlick.

[0] http://www.imdb.com/title/tt1375666/

-- 
Taras
http://oxdef.info
GPG: C8D1F510

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop

[W3af-develop] new XSS plugin status

Reply via email to