Hello Andres,
My W3AF scans have found XSS vulnerability on a few Web servers. However,
after searching online and on
http://sourceforge.net/mailarchive/forum.php?forum_name=w3af-users&source=navbar
I can't find any clear cut explanation of what fix to implement to counter the
discovered vulnerability. In the past I had to run typical google searches on
how to tackle each issue but I was hoping that maybe by now there may be
something like a "vulnerability/proposed solution" guide somewhere that I can
reference?
If there isn't a guide could you help me understand how to deal with the
following security hole?
Here are some excerpts from the post scan logs:
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
[Thu 07 Mar 2013 01:41:02 PM EST] The following scripts allow an attacker to
send POST data as query string data (this makes XSRF easier to exploit):
[Thu 07 Mar 2013 01:41:02 PM EST] - The URL: http://xx.xx.xx.xx/login.aspx is
vulnerable to cross-site request forgery. It allows the attacker to exchange
the method from POST to GET when sendin data to the server.
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
[Thu 07 Mar 2013 01:34:58 PM EST - information] Found 2 URLs and 5 different
points of injection.
[Thu 07 Mar 2013 01:34:58 PM EST - information] The list of URLs is:
[Thu 07 Mar 2013 01:34:58 PM EST - information] - http:// xx.xx.xx.xx /
[Thu 07 Mar 2013 01:34:58 PM EST - information] - http:// xx.xx.xx.xx
/login.aspx
[Thu 07 Mar 2013 01:34:58 PM EST - information] The list of fuzzable requests
is:
[Thu 07 Mar 2013 01:34:58 PM EST - information] - http:// xx.xx.xx.xx / |
Method: GET
[Thu 07 Mar 2013 01:34:58 PM EST - information] - http:// xx.xx.xx.xx
/login.aspx | Method: POST | Parameters: (__VIEWSTATE="/wEPDwUJMz...",
__EVENTVALIDATION="/wEWBwLd7t...", txtUserName="", txtPassword="",
chkRememberMe="", chkTestBandwidth="", hidBrowserDimensions="")
[Thu 07 Mar 2013 01:34:58 PM EST - information] - http:// xx.xx.xx.xx
/login.aspx | Method: POST | Parameters: (__VIEWSTATE="/wEPDwUJMz...",
__EVENTVALIDATION="/wEWBwLd7t...", txtUserName="", txtPassword="",
chkRememberMe="", hidBrowserDimensions="")
[Thu 07 Mar 2013 01:34:58 PM EST - information] - http:// xx.xx.xx.xx
/login.aspx | Method: POST | Parameters: (__VIEWSTATE="/wEPDwUJMz...",
__EVENTVALIDATION="/wEWBwLd7t...", txtUserName="", txtPassword="",
chkTestBandwidth="", hidBrowserDimensions="")
[Thu 07 Mar 2013 01:34:58 PM EST - information] - http:// xx.xx.xx.xx
/login.aspx | Method: POST | Parameters: (__VIEWSTATE="/wEPDwUJMz...",
__EVENTVALIDATION="/wEWBwLd7t...", txtUserName="", txtPassword="",
hidBrowserDimensions="")
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Any help and guidance will be much appreciated!
Thanks in advance,
Roman Zavolly
Systems Engineer
------------------------------------------------------------------------------
Symantec Endpoint Protection 12 positioned as A LEADER in The Forrester
Wave(TM): Endpoint Security, Q1 2013 and "remains a good choice" in the
endpoint security space. For insight on selecting the right partner to
tackle endpoint security challenges, access the full report.
http://p.sf.net/sfu/symantec-dev2dev
_______________________________________________
W3af-users mailing list
W3af-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-users
