Thank you for all your help w/this Andres and Matt - much appreciated.  My 
dev team already jumped on your links and started to make noise and create 
smoke in their respective areas :)

Have a great weekend gents!

B.Regards,
-Roman

From: [email protected] [mailto:[email protected]] On Behalf Of Matt Tesauro
Sent: Friday, March 08, 2013 3:07 PM
To: Roman Zavolly
Cc: [email protected]
Subject: Re: [W3af-users] vunerability solution guide?

For XSS, I'd highly recommend OWASP's XSS Prevention Cheat Sheet:
https://www.owasp.org/index.php/XSS_Prevention_Cheatsheet

and, in general, the entire OWASP Cheat Sheet series is developer-focused and 
aimed at fixing (or not making in the first place) many different security 
vulnerabilities:
https://www.owasp.org/index.php/Cheat_Sheets

Enjoy!

--
-- Matt Tesauro
OWASP WTE Project Lead
http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
http://AppSecLive.org - Community and Download site
OWASP OpenStack Security Project Lead
https://www.owasp.org/index.php/OWASP_OpenStack_Security_Project
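As an added illustration of the contextual output-encoding rules that cheat sheet recommends (this is not code from OWASP, w3af or anyone in the thread), the block below implements one encoder per output context and a constructed template that places the same untrusted value into HTML body, HTML attribute, URL parameter and JavaScript string positions. The function names and the sample template are assumptions made for the example; the only requirement is the Python standard library.

```python
"""Context-aware output encoding for untrusted data.

Each encoder corresponds to one output context from the OWASP XSS Prevention
Cheat Sheet: HTML element content, HTML attribute value, URL query parameter
and quoted JavaScript string. Added example; render_greeting() is a
constructed template, not anything from the thread."""

import html
import urllib.parse


def encode_for_html(value: str) -> str:
    """HTML element content: escape & < > " and ' (cheat sheet rule #1)."""
    return html.escape(value, quote=True)


def encode_for_html_attr(value: str) -> str:
    """HTML attribute value: encode everything except ASCII letters and digits
    as &#xHH; so the value cannot terminate the attribute even when the
    template author forgot the surrounding quotes (rule #2)."""
    out = []
    for ch in value:
        if ch.isascii() and ch.isalnum():
            out.append(ch)
        else:
            out.append("&#x%X;" % ord(ch))
    return "".join(out)


def encode_for_js_string(value: str) -> str:
    """Quoted JavaScript string literal: \\xHH for Latin-1, \\uHHHH otherwise,
    so neither quotes nor '</script>' can leave the string (rule #3)."""
    out = []
    for ch in value:
        cp = ord(ch)
        if ch.isascii() and ch.isalnum():
            out.append(ch)
        elif cp < 0x100:
            out.append("\\x%02X" % cp)
        elif cp < 0x10000:
            out.append("\\u%04X" % cp)
        else:
            # Astral-plane code point: JavaScript needs a UTF-16 surrogate pair.
            cp -= 0x10000
            out.append("\\u%04X\\u%04X" % (0xD800 + (cp >> 10),
                                           0xDC00 + (cp & 0x3FF)))
    return "".join(out)


def encode_for_url_param(value: str) -> str:
    """Query-string parameter value: percent-encode everything (rule #5)."""
    return urllib.parse.quote(value, safe="")


def render_greeting(username: str) -> str:
    """Constructed page fragment: the same untrusted value in four contexts,
    each passed through the encoder for that context."""
    return (
        '<p>Hello, %s</p>\n'
        '<input name="user" value="%s">\n'
        '<a href="/profile?user=%s">profile</a>\n'
        '<script>var user = "%s";</script>'
        % (
            encode_for_html(username),
            encode_for_html_attr(username),
            encode_for_url_param(username),
            encode_for_js_string(username),
        )
    )


if __name__ == "__main__":
    # Constructed probe value containing markup, an attribute and a quote.
    print(render_greeting('<b onclick="x">O\'Neil</b>'))
```

The point the example makes beyond the prose: one escaping routine does not fit every position in a page, and the attribute and JavaScript encoders deliberately encode far more than the five HTML special characters because the breakout characters differ per context.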

On Fri, Mar 8, 2013 at 12:29 PM, Roman Zavolly 
<[email protected]> wrote:
Hello Andres,

My W3AF scans have found an XSS vulnerability on a few Web servers.  However, 
after searching online and on 
http://sourceforge.net/mailarchive/forum.php?forum_name=w3af-users&source=navbar
 I can't find any clear cut explanation of what fix to implement to counter the 
discovered vulnerability.  In the past I had to run typical Google searches on 
how to tackle each issue but I was hoping that maybe by now there may be 
something like a "vulnerability/proposed solution" guide somewhere that I can 
reference?

If there isn't a guide could you help me understand how to deal with the 
following security hole?

Here are some excerpts from the post scan logs:

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
[Thu 07 Mar 2013 01:41:02 PM EST] The following scripts allow an attacker to 
send POST data as query string data (this makes XSRF easier to exploit):
[Thu 07 Mar 2013 01:41:02 PM EST] - The URL: http://xx.xx.xx.xx/login.aspx is 
vulnerable to cross-site request forgery. It allows the attacker to exchange 
the method from POST to GET when sendin data to the server.
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
[Thu 07 Mar 2013 01:34:58 PM EST - information] Found 2 URLs and 5 different 
points of injection.
[Thu 07 Mar 2013 01:34:58 PM EST - information] The list of URLs is:
[Thu 07 Mar 2013 01:34:58 PM EST - information] - http:// xx.xx.xx.xx /
[Thu 07 Mar 2013 01:34:58 PM EST - information] - http:// xx.xx.xx.xx 
/login.aspx
[Thu 07 Mar 2013 01:34:58 PM EST - information] The list of fuzzable requests 
is:
[Thu 07 Mar 2013 01:34:58 PM EST - information] - http:// xx.xx.xx.xx / | 
Method: GET
[Thu 07 Mar 2013 01:34:58 PM EST - information] - http:// xx.xx.xx.xx 
/login.aspx | Method: POST | Parameters: (__VIEWSTATE="/wEPDwUJMz...", 
__EVENTVALIDATION="/wEWBwLd7t...", txtUserName="", txtPassword="", 
chkRememberMe="", chkTestBandwidth="", hidBrowserDimensions="")
[Thu 07 Mar 2013 01:34:58 PM EST - information] - http:// xx.xx.xx.xx 
/login.aspx | Method: POST | Parameters: (__VIEWSTATE="/wEPDwUJMz...", 
__EVENTVALIDATION="/wEWBwLd7t...", txtUserName="", txtPassword="", 
chkRememberMe="", hidBrowserDimensions="")
[Thu 07 Mar 2013 01:34:58 PM EST - information] - http:// xx.xx.xx.xx 
/login.aspx | Method: POST | Parameters: (__VIEWSTATE="/wEPDwUJMz...", 
__EVENTVALIDATION="/wEWBwLd7t...", txtUserName="", txtPassword="", 
chkTestBandwidth="", hidBrowserDimensions="")
[Thu 07 Mar 2013 01:34:58 PM EST - information] - http:// xx.xx.xx.xx 
/login.aspx | Method: POST | Parameters: (__VIEWSTATE="/wEPDwUJMz...", 
__EVENTVALIDATION="/wEWBwLd7t...", txtUserName="", txtPassword="", 
hidBrowserDimensions="")
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Any help and guidance will be much appreciated!

Thanks in advance,
Roman Zavolly
Systems Engineer
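The scanner output quoted above says login.aspx accepts its fields when the method is swapped from POST to GET, which makes a forged cross-site request easier to build. The server-side fix is to refuse credential handling on GET, read fields only from the POST body rather than a merged parameter collection, and require a per-session anti-CSRF token checked in constant time. The block below is an added, framework-neutral Python sketch of that handler; it is not ASP.NET code and not taken from w3af, OWASP or any message in the thread. The field names txtUserName and txtPassword come from the log excerpt; Request, issue_csrf_token, handle_login, the csrf_token field name and the demo account are constructed for the example.

```python
"""Login handler hardened against the POST->GET method swap and CSRF.

Added example in plain Python (standard library only). Request,
issue_csrf_token(), handle_login() and DEMO_ACCOUNTS are constructed names;
txtUserName/txtPassword are the field names seen in the scan log."""

import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import parse_qs


@dataclass
class Request:
    method: str
    query_string: str = ""      # text after '?' in the URL
    body: str = ""              # application/x-www-form-urlencoded body
    session: dict = field(default_factory=dict)


# Constructed demo account; a real service verifies a stored password hash.
DEMO_ACCOUNTS = {"alice": "s3cret"}


def demo_check_credentials(user: str, password: str) -> bool:
    stored = DEMO_ACCOUNTS.get(user)
    return stored is not None and hmac.compare_digest(
        stored.encode(), password.encode())


def issue_csrf_token(session: dict) -> str:
    """Mint one unguessable token per session; the login form embeds it."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def _body_fields(req: Request) -> dict:
    """Read fields from the POST body only. The query string is deliberately
    ignored, so credentials arriving as ?txtUserName=... are never honoured."""
    parsed = parse_qs(req.body, keep_blank_values=True)
    return {k: v[0] for k, v in parsed.items()}


def handle_login(req: Request, check_credentials=demo_check_credentials) -> int:
    """Return the HTTP status code the login endpoint would answer with."""
    if req.method != "POST":
        return 405                      # GET never processes credentials
    form = _body_fields(req)
    expected = req.session.get("csrf_token")
    supplied = form.get("csrf_token", "")
    # Constant-time comparison on bytes; a missing session token also fails.
    if not expected or not hmac.compare_digest(expected.encode(),
                                               supplied.encode()):
        return 403
    user, password = form.get("txtUserName"), form.get("txtPassword")
    if not user or not password:
        return 400                      # required fields absent from the body
    if not check_credentials(user, password):
        return 401
    req.session["user"] = user
    return 200


if __name__ == "__main__":
    sess = {}
    tok = issue_csrf_token(sess)
    creds = "txtUserName=alice&txtPassword=s3cret"
    print("GET with creds in query:", handle_login(
        Request("GET", query_string=creds + "&csrf_token=" + tok, session=sess)))
    print("POST, creds only in query:", handle_login(
        Request("POST", query_string=creds, body="csrf_token=" + tok, session=sess)))
    print("POST, wrong token:", handle_login(
        Request("POST", body=creds + "&csrf_token=nope", session=sess)))
    print("POST, valid:", handle_login(
        Request("POST", body=creds + "&csrf_token=" + tok, session=sess)))
```

Run stand-alone, the four scenarios answer 405, 400, 403 and 200: the same credentials are rejected when sent as query-string data regardless of method, and a POST with the right fields still fails without the session-bound token.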


------------------------------------------------------------------------------
Symantec Endpoint Protection 12 positioned as A LEADER in The Forrester
Wave(TM): Endpoint Security, Q1 2013 and "remains a good choice" in the
endpoint security space. For insight on selecting the right partner to
tackle endpoint security challenges, access the full report.
http://p.sf.net/sfu/symantec-dev2dev
_______________________________________________
W3af-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-users
