Hello dear developers, first of all I would like to thank all of you for the great work you are doing on w3af.
I started using it some time ago and have come across the following issue:

Scanning a customer's website, I found an XSS vulnerability using Acunetix. This is the first line of the HTTP header sent by Acunetix:

    GET /html/contact.php/%22onmouseover%3d'prompt(975175)'bad%3d%22%3e HTTP/1.1

The vulnerability is caused by the use of $_SERVER['PHP_SELF'] in the action attribute of a form tag. I was not able to find this vulnerability using w3af though.

Is it possible to extend the xss plugin to also test for this kind of attack? It would be great!

Best regards
Tobias Assmann

_______________________________________________________
SkyGate internetworking GmbH
Pfuelstrasse 5, Aufgang VI
D - 10997 Berlin
Handelsreg. Berlin Charlottenburg, HRB 87258
Geschaeftsfuehrer: Stephan Jensen
T: +49- (0)30 - 611038-0
F: +49- (0)30 - 61280465
W: http://www.skygate.de
_______________________________________________________
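
Added example, not part of the original message and not w3af or Acunetix code: a stand-alone Python model of the behaviour reported above. It shows how the request path ends up in the form's action attribute, and a check that tells the unescaped output from an HTML-escaped one. The form template, the function names and the modelling of PHP_SELF as the URL-decoded request path are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import unquote

# Request path quoted in the message above.
REPORTED_PATH = "/html/contact.php/%22onmouseover%3d'prompt(975175)'bad%3d%22%3e"
EXPECTED_ATTRS = {"method", "action"}  # attributes the constructed template sets


def php_self(raw_path):
    # Assumption: models PHP_SELF as the URL-decoded script path plus path info.
    return unquote(raw_path)


def render_unescaped(raw_path):
    # Models <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
    return '<form method="post" action="%s">' % php_self(raw_path)


def render_escaped(raw_path):
    # Models echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
    return '<form method="post" action="%s">' % escape(php_self(raw_path), quote=True)


class FormCollector(HTMLParser):
    """Collects the attributes of every <form> start tag."""

    def __init__(self):
        super().__init__()
        self.forms = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.forms.append(dict(attrs))


def injected_form_attrs(html):
    """Return attribute names on <form> tags that the template never set."""
    parser = FormCollector()
    parser.feed(html)
    parser.close()
    return sorted({name for form in parser.forms for name in form} - EXPECTED_ATTRS)


if __name__ == "__main__":
    print("unescaped:", injected_form_attrs(render_unescaped(REPORTED_PATH)))
    print("escaped:  ", injected_form_attrs(render_escaped(REPORTED_PATH)))
```

Parsing the response and comparing attribute names, rather than searching for the raw string, avoids flagging pages that reflect the path in correctly escaped form.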