Luke,
I think you will find this code [0] interesting since it will find
the vulnerability you're reproducing in your lab
(Access-Control-Allow-Origin: *)
[0]
https://sourceforge.net/apps/trac/w3af/browser/branches/threading2/plugins/audit/cors_origin.py
Regards,
On Tue, Oct 30, 2012 at 3:57 AM, luke <[email protected]> wrote:
>
> Hi guys
> I set up a web server to test the HTML5 module in w3af. After I set up
> Apache and configured it to send Access-Control-Allow-Origin,
> the server response is this:
>
> curl -I http://192.168.245.128/
>
> HTTP/1.1 200 OK
> Date: Sun, 28 Oct 2012 02:55:28 GMT
> Server: Apache/2.2.14 (Ubuntu)
> Last-Modified: Sat, 04 Jun 2011 15:36:08 GMT
> ETag: "db2cd-b1-4a4e4a1080a00"
> Accept-Ranges: bytes
> Content-Length: 177
> Vary: Accept-Encoding
> Access-Control-Allow-Origin: *
> Content-Type: text/html
> ================================
> After this I scanned the server with the inspectOriginHeaderScrutiny and
> inspectRequestPreflight modules (these two modules),
> but I only get one result:
>
>
>
> After I read the source of the two modules, I am wondering why there is only
> one result.
> It only checked the preflight!
>
>
> --
> FIT1-213
> Department of Computer Science
> Tsinghua University, Beijing, 100084
> http://about.me/anakin/bio
>
> ------------------------------------------------------------------------------
> Everyone hates slow websites. So do we.
> Make your web apps faster with AppDynamics
> Download AppDynamics Lite for free today:
> http://p.sf.net/sfu/appdyn_sfd2d_oct
> _______________________________________________
> W3af-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/w3af-users
>
--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
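An origin-header audit like the cors_origin.py plugin Andrés links works by sending requests that carry a forged Origin header (and, for the preflight case, an OPTIONS request with Access-Control-Request-Method) and then classifying the Access-Control-Allow-Origin, Access-Control-Allow-Credentials and Access-Control-Allow-Methods values that come back. The script below is an added example, written for this thread rather than taken from w3af or from the linked plugin; the function names (classify_cors, classify_preflight, candidate_origins, fetch_cors_headers) and the attacker.example hostname are this example's own. The SAMPLE_HEADERS dict is constructed from the Apache response luke pasted above, so the offline demo runs without the lab server.

```python
"""Added example: classify a server's CORS policy the way an origin-header
audit does.  Not w3af code and not the linked cors_origin.py; the function
and hostname names are this example's own."""
import sys
import urllib.error
import urllib.request
from typing import Dict, List, Optional

ACAO = "access-control-allow-origin"
ACAC = "access-control-allow-credentials"
ACAM = "access-control-allow-methods"

# Constructed sample: the response headers from the Apache box in the thread.
SAMPLE_HEADERS = {
    "Server": "Apache/2.2.14 (Ubuntu)",
    "Access-Control-Allow-Origin": "*",
    "Content-Type": "text/html",
}


def _lower(headers: Dict[str, str]) -> Dict[str, str]:
    """Header names are case-insensitive; normalise before lookup."""
    return {k.lower(): v.strip() for k, v in headers.items()}


def candidate_origins(target_url: str) -> List[str]:
    """Origins an audit sends to see how the server validates Origin:
    an unrelated site, two lookalikes that defeat naive prefix/suffix
    string checks, and 'null' (what sandboxed iframes and file:// send)."""
    host = target_url.split("://", 1)[-1].split("/", 1)[0]
    return [
        "http://attacker.example",
        "http://" + host + ".attacker.example",   # passes a startswith() check
        "http://attacker" + host,                 # passes an endswith() check
        "null",
    ]


def classify_cors(sent_origin: str, headers: Dict[str, str]) -> List[str]:
    """Findings for one response to a request that carried Origin: sent_origin.

    '*'        any site can read the body, but browsers never attach cookies
               to a '*' response, so only unauthenticated data is exposed.
    reflected  the server echoed our origin back; combined with
               Access-Control-Allow-Credentials: true, an attacker page can
               read authenticated responses inside the victim's browser.
    null       allowing 'null' is nearly as bad as reflecting, since any
               sandboxed iframe or local file produces that origin.
    """
    h = _lower(headers)
    acao = h.get(ACAO)
    if acao is None:
        return []                 # no CORS policy: same-origin policy applies
    creds = h.get(ACAC, "").lower() == "true"
    findings: List[str] = []
    if acao == "*":
        findings.append("universal-allow")
        if creds:
            # Browsers reject this pairing, but the server clearly does not
            # understand the credentials rule, which is worth reporting.
            findings.append("universal-allow-with-credentials")
    elif acao == "null":
        findings.append("null-origin-allowed")
        if creds:
            findings.append("null-origin-allowed-with-credentials")
    elif acao == sent_origin:
        findings.append("origin-reflected")
        if creds:
            findings.append("origin-reflected-with-credentials")
    return findings


def classify_preflight(requested_method: str, headers: Dict[str, str]) -> Optional[bool]:
    """For an OPTIONS preflight asking for requested_method: True if the
    server allowed it, False if it answered without allowing it, None if it
    sent no Access-Control-Allow-Methods at all (the browser would refuse)."""
    allowed = _lower(headers).get(ACAM)
    if allowed is None:
        return None
    methods = {m.strip().upper() for m in allowed.split(",")}
    return "*" in methods or requested_method.upper() in methods


def fetch_cors_headers(url: str, origin: str, method: str = "GET",
                       request_method: Optional[str] = None) -> Dict[str, str]:
    """Send one request with a forged Origin (plus Access-Control-Request-Method
    for a preflight) and return the response headers; error statuses carry
    headers too, so they are returned rather than raised."""
    req = urllib.request.Request(url, method=method, headers={"Origin": origin})
    if request_method:
        req.add_header("Access-Control-Request-Method", request_method)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return dict(resp.getheaders())
    except urllib.error.HTTPError as err:
        return dict(err.headers.items())


if __name__ == "__main__":
    if len(sys.argv) > 1:          # live probe of the lab host given on the CLI
        target = sys.argv[1]
        for origin in candidate_origins(target):
            print(origin, classify_cors(origin, fetch_cors_headers(target, origin)))
        pre = fetch_cors_headers(target, "http://attacker.example", "OPTIONS", "PUT")
        print("preflight PUT allowed:", classify_preflight("PUT", pre))
    else:                          # offline demo on the constructed sample
        print(classify_cors("http://attacker.example", SAMPLE_HEADERS))
```

Run it with the lab URL (python3 cors_check.py http://192.168.245.128/) to see one finding per probed origin plus the preflight verdict; with no argument it classifies the pasted headers and reports only "universal-allow", which is the single finding the wildcard policy in the thread actually produces, since there is nothing to reflect and no credentials flag to pair it with.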