Roman,
On Fri, Mar 8, 2013 at 3:29 PM, Roman Zavolly <[email protected]> wrote:
> Hello Andres,
>
> My W3AF scans have found an XSS vulnerability on a few Web servers. However,
> after searching online and on
> http://sourceforge.net/mailarchive/forum.php?forum_name=w3af-users&source=navbar
> I can’t find any clear-cut explanation of what fix to implement to counter
> the discovered vulnerability. In the past I had to run typical google
> searches on how to tackle each issue but I was hoping that maybe by now
> there may be something like a “vulnerability/proposed solution” guide
> somewhere that I can reference?
Sadly w3af doesn't have an embedded database with references to
vulnerability descriptions, details on how to fix stuff, etc. We do
have a task that describes how we'll do it in the future though ;)
https://github.com/andresriancho/w3af/issues/53
>
>
> If there isn’t a guide could you help me understand how to deal with the
> following security hole?
http://blogs.msdn.com/b/alikl/archive/2008/03/17/quickly-find-and-fix-cross-site-scripting-xss-vulnerabilities-in-your-asp-net-application.aspx
>
>
> Here are some excerpts from the post scan logs:
>
>
>
> ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> [Thu 07 Mar 2013 01:41:02 PM EST] The following scripts allow an attacker to
> send POST data as query string data (this makes XSRF easier to exploit):
>
> [Thu 07 Mar 2013 01:41:02 PM EST] - The URL: http://xx.xx.xx.xx/login.aspx
> is vulnerable to cross-site request forgery. It allows the attacker to
> exchange the method from POST to GET when sending data to the server.
>
> ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> [Thu 07 Mar 2013 01:34:58 PM EST - information] Found 2 URLs and 5 different
> points of injection.
>
> [Thu 07 Mar 2013 01:34:58 PM EST - information] The list of URLs is:
>
> [Thu 07 Mar 2013 01:34:58 PM EST - information] - http://xx.xx.xx.xx/
>
> [Thu 07 Mar 2013 01:34:58 PM EST - information] - http://xx.xx.xx.xx/login.aspx
>
> [Thu 07 Mar 2013 01:34:58 PM EST - information] The list of fuzzable
> requests is:
>
> [Thu 07 Mar 2013 01:34:58 PM EST - information] - http://xx.xx.xx.xx/ |
> Method: GET
>
> [Thu 07 Mar 2013 01:34:58 PM EST - information] - http://xx.xx.xx.xx/login.aspx
> | Method: POST | Parameters: (__VIEWSTATE="/wEPDwUJMz...",
> __EVENTVALIDATION="/wEWBwLd7t...", txtUserName="", txtPassword="",
> chkRememberMe="", chkTestBandwidth="", hidBrowserDimensions="")
>
> [Thu 07 Mar 2013 01:34:58 PM EST - information] - http://xx.xx.xx.xx/login.aspx
> | Method: POST | Parameters: (__VIEWSTATE="/wEPDwUJMz...",
> __EVENTVALIDATION="/wEWBwLd7t...", txtUserName="", txtPassword="",
> chkRememberMe="", hidBrowserDimensions="")
>
> [Thu 07 Mar 2013 01:34:58 PM EST - information] - http://xx.xx.xx.xx/login.aspx
> | Method: POST | Parameters: (__VIEWSTATE="/wEPDwUJMz...",
> __EVENTVALIDATION="/wEWBwLd7t...", txtUserName="", txtPassword="",
> chkTestBandwidth="", hidBrowserDimensions="")
>
> [Thu 07 Mar 2013 01:34:58 PM EST - information] - http://xx.xx.xx.xx/login.aspx
> | Method: POST | Parameters: (__VIEWSTATE="/wEPDwUJMz...",
> __EVENTVALIDATION="/wEWBwLd7t...", txtUserName="", txtPassword="",
> hidBrowserDimensions="")
>
> ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>
>
> Any help and guidance will be much appreciated!
>
>
>
> Thanks in advance,
>
> Roman Zavolly
>
> Systems Engineer
>
>
>
>
> ------------------------------------------------------------------------------
> Symantec Endpoint Protection 12 positioned as A LEADER in The Forrester
> Wave(TM): Endpoint Security, Q1 2013 and "remains a good choice" in the
> endpoint security space. For insight on selecting the right partner to
> tackle endpoint security challenges, access the full report.
> http://p.sf.net/sfu/symantec-dev2dev
> _______________________________________________
> W3af-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/w3af-users
>
--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
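The /login.aspx finding quoted above (POST parameters still accepted when resent as a GET query string) can be reproduced and fixed outside of w3af. What follows is an added example written for this thread; it is not w3af's plugin code and not the scanned application. It contains two toy WSGI handlers, one that merges query-string and form parameters the way a combined request collection does, and one that only honours the form body of a POST, plus a checker that replays the POST as a GET and compares the responses, which is the behaviour the log entry describes. The parameter names are taken from the scan log; the handler names, the "/login.aspx" path, the user name and the __VIEWSTATE/__EVENTVALIDATION values are constructed placeholders.

```python
"""Replay-as-GET check for a login form, with a vulnerable and a hardened
handler. Added example for this thread; not w3af code and not the scanned
application. Parameter names come from the scan log, values are made up."""
from io import BytesIO
from urllib.parse import parse_qs, urlencode

# Constructed stand-in for the POST the log shows; the real __VIEWSTATE and
# __EVENTVALIDATION blobs are not reproduced here.
LOGIN_POST = {
    "__VIEWSTATE": "VIEWSTATE-PLACEHOLDER",
    "__EVENTVALIDATION": "EVENTVALIDATION-PLACEHOLDER",
    "txtUserName": "alice",
    "txtPassword": "s3cret",
    "chkRememberMe": "on",
    "hidBrowserDimensions": "1024x768",
}


def read_params(environ):
    """Return (query-string params, form-body params) from a WSGI environ."""
    qs = parse_qs(environ.get("QUERY_STRING", ""), keep_blank_values=True)
    body = {}
    if environ["REQUEST_METHOD"] == "POST":
        length = int(environ.get("CONTENT_LENGTH") or 0)
        body = parse_qs(environ["wsgi.input"].read(length).decode(),
                        keep_blank_values=True)
    return qs, body


def vulnerable_login(environ, start_response):
    """Merges query string and form body, as a combined request collection
    (for example ASP.NET's Request.Params) does: a GET carrying the same
    names is processed as if it were the POST, which is what the scan flagged."""
    qs, body = read_params(environ)
    merged = {**qs, **body}
    if "__VIEWSTATE" in merged:
        out = "Welcome, " + merged.get("txtUserName", [""])[0]
    else:
        out = "Login form"
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [out.encode()]


def hardened_login(environ, start_response):
    """Honours only the form body, and only on POST, so the login cannot be
    triggered from a crafted link; the query string is ignored entirely."""
    _, body = read_params(environ)
    if environ["REQUEST_METHOD"] == "POST" and "__VIEWSTATE" in body:
        out = "Welcome, " + body.get("txtUserName", [""])[0]
    else:
        out = "Login form"
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [out.encode()]


def call(app, method, path, params):
    """Drive a WSGI app in-process: a form POST, or a GET with the same
    parameters moved into the query string. Returns (status, body)."""
    encoded = urlencode(params)
    environ = {"REQUEST_METHOD": method, "PATH_INFO": path,
               "QUERY_STRING": "", "wsgi.input": BytesIO(b"")}
    if method == "POST":
        environ["CONTENT_TYPE"] = "application/x-www-form-urlencoded"
        environ["CONTENT_LENGTH"] = str(len(encoded))
        environ["wsgi.input"] = BytesIO(encoded.encode())
    else:
        environ["QUERY_STRING"] = encoded
    status = []
    body = b"".join(app(environ, lambda s, h: status.append(s)))
    return status[0], body.decode()


def allows_post_to_get(app, path, post_params):
    """The check behind the log entry: resend the POST parameters as a GET
    query string and compare. A plain GET of the page is used as a baseline
    so a handler that simply ignores the parameters is not reported."""
    _, post_body = call(app, "POST", path, post_params)
    _, get_body = call(app, "GET", path, post_params)
    _, baseline = call(app, "GET", path, {})
    return get_body == post_body and get_body != baseline


if __name__ == "__main__":
    for name, app in (("vulnerable", vulnerable_login),
                      ("hardened", hardened_login)):
        flagged = allows_post_to_get(app, "/login.aspx", LOGIN_POST)
        print(f"{name:10s} /login.aspx accepts POST params as GET: {flagged}")
```

Running it reports the vulnerable handler and not the hardened one. The baseline comparison matters: without it, a page that ignores its parameters entirely would also answer the GET and the POST identically and be reported as a false positive. Under ASP.NET the equivalent hardening is to read the login fields from Request.Form rather than Request.Params or Request[...] (both of which merge the query string in) and to gate the postback branch on Request.HttpMethod being "POST". Note the caveat in the log's own wording: the method switch only makes XSRF easier. Refusing GET stops the request being carried in a link or an image tag, but a cross-site auto-submitting form still POSTs with the victim's cookies, so the actual XSRF fix is a per-session anti-forgery token validated on every state-changing request.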