Andres, >> JFYI: currently I'm working on optimize xss&contect code to pass >> wavsep unittests. > > Great stuff! I've been watching your SVN commits :) Specifically from > the test_xss.py file, from the list of WAVSEP test cases, how many are > passing? How many are we missing?
As you have seen for the first I have added only tests for GET-method XSS. From 32 tests w3af passes about 20. We have problems with JS event handlers and VisualBasic (Is it still supported by IE?) cases :) > Do you think we'll be able to cover them all? IMHO, we have chances. > Please don't forget about the false positive tests, which we should be > able to pass too. Agree. >> <html> <input type="button" value="ClickMe" onClick="var >> customerName='PAYLOAD'"> </html> >> >> As you see here JS context is inside HTML attribute (JS event >> handler) onlick. > > Oh wow, so you'll have to verify that you can break out of the ' > context and then the " one! Here we need to break only ' to escape from quoted string in nested JS context to get possible XSS. > Was your code designed to handle something like that? Yes, I will create special contexts for this case. -- Taras http://oxdef.info GPG: C8D1F510 ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop
