Great – I appreciate the pointers.
Many thanks Carlos!
-Roman
From: Carlos Pantelides [mailto:[email protected]]
Sent: Friday, March 08, 2013 9:42 PM
To: '[email protected]'; Roman Zavolly
Subject: Re: [W3af-users] vulnerability solution guide?
Roman:
Adding to the OWASP projects, there is another resource, Fortify, a little outdated:
http://www.hpenterprisesecurity.com/vulncat/en/vulncat/index.html
html->encapsulation->csrf
(http://www.hpenterprisesecurity.com/vulncat/en/vulncat/html/csrf.html)
Carlos Pantelides
@dev4sec
http://seguridad-agile.blogspot.com/
--- On Fri, 3/8/13, Roman Zavolly <[email protected]> wrote:
From: Roman Zavolly <[email protected]>
Subject: [W3af-users] vulnerability solution guide?
To: "'[email protected]'" <[email protected]>
Date: Friday, March 8, 2013, 3:29 PM
Hello Andres,
My W3AF scans have found an XSS vulnerability on a few web servers. However, after searching online and on http://sourceforge.net/mailarchive/forum.php?forum_name=w3af-users&source=navbar I can't find any clear-cut explanation of what fix to implement to counter the discovered vulnerability. In the past I had to run typical Google searches on how to tackle each issue, but I was hoping that maybe by now there may be something like a "vulnerability/proposed solution" guide somewhere that I can reference?
If there isn't a guide, could you help me understand how to deal with the following security hole?
Here are some excerpts from the post scan logs:
--------------------------------------------------------------------------------
[Thu 07 Mar 2013 01:41:02 PM EST] The following scripts allow an attacker to send POST data as query string data (this makes XSRF easier to exploit):
[Thu 07 Mar 2013 01:41:02 PM EST] - The URL: http://xx.xx.xx.xx/login.aspx is vulnerable to cross-site request forgery. It allows the attacker to exchange the method from POST to GET when sendin data to the server.
--------------------------------------------------------------------------------
[Thu 07 Mar 2013 01:34:58 PM EST - information] Found 2 URLs and 5 different points of injection.
[Thu 07 Mar 2013 01:34:58 PM EST - information] The list of URLs is:
[Thu 07 Mar 2013 01:34:58 PM EST - information] - http://xx.xx.xx.xx/
[Thu 07 Mar 2013 01:34:58 PM EST - information] - http://xx.xx.xx.xx/login.aspx
[Thu 07 Mar 2013 01:34:58 PM EST - information] The list of fuzzable requests is:
[Thu 07 Mar 2013 01:34:58 PM EST - information] - http://xx.xx.xx.xx/ | Method: GET
[Thu 07 Mar 2013 01:34:58 PM EST - information] - http://xx.xx.xx.xx/login.aspx | Method: POST | Parameters: (__VIEWSTATE="/wEPDwUJMz...", __EVENTVALIDATION="/wEWBwLd7t...", txtUserName="", txtPassword="", chkRememberMe="", chkTestBandwidth="", hidBrowserDimensions="")
[Thu 07 Mar 2013 01:34:58 PM EST - information] - http://xx.xx.xx.xx/login.aspx | Method: POST | Parameters: (__VIEWSTATE="/wEPDwUJMz...", __EVENTVALIDATION="/wEWBwLd7t...", txtUserName="", txtPassword="", chkRememberMe="", hidBrowserDimensions="")
[Thu 07 Mar 2013 01:34:58 PM EST - information] - http://xx.xx.xx.xx/login.aspx | Method: POST | Parameters: (__VIEWSTATE="/wEPDwUJMz...", __EVENTVALIDATION="/wEWBwLd7t...", txtUserName="", txtPassword="", chkTestBandwidth="", hidBrowserDimensions="")
[Thu 07 Mar 2013 01:34:58 PM EST - information] - http://xx.xx.xx.xx/login.aspx | Method: POST | Parameters: (__VIEWSTATE="/wEPDwUJMz...", __EVENTVALIDATION="/wEWBwLd7t...", txtUserName="", txtPassword="", hidBrowserDimensions="")
--------------------------------------------------------------------------------
Any help and guidance will be much appreciated!
Thanks in advance,
Roman Zavolly
Systems Engineer
------------------------------------------------------------------------------
Symantec Endpoint Protection 12 positioned as A LEADER in The Forrester
Wave(TM): Endpoint Security, Q1 2013 and "remains a good choice" in the
endpoint security space. For insight on selecting the right partner to
tackle endpoint security challenges, access the full report.
http://p.sf.net/sfu/symantec-dev2dev
_______________________________________________
W3af-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-users
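The w3af finding quoted in Roman's message (login.aspx accepting its POST form fields as GET query-string parameters, which the scanner flags as making CSRF easier) comes down to two server-side checks: refuse login fields anywhere but the POST body, and require a token bound to the user's session. The Python below is an added illustration for this thread, not w3af's code or the scanned application's; the `Request` class, the `__RequestVerificationToken` field and the `ASP.NET_SessionId` cookie name are assumptions, while the `txtUserName`/`txtPassword` field names come from the scan log.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import parse_qs


@dataclass
class Request:
    """Minimal stand-in for an HTTP request (constructed for this example)."""
    method: str
    query: str = ""                # raw query string
    body: str = ""                 # raw application/x-www-form-urlencoded body
    cookies: dict = field(default_factory=dict)


# Form field names taken from the scan log; token and cookie names are assumed.
LOGIN_FIELDS = ("txtUserName", "txtPassword")
TOKEN_FIELD = "__RequestVerificationToken"
SESSION_COOKIE = "ASP.NET_SessionId"
SESSIONS: dict[str, str] = {}      # session id -> anti-forgery token (in-memory stand-in)


def issue_token(session_id: str) -> str:
    """Mint a per-session anti-forgery token to embed as a hidden field in the form."""
    token = secrets.token_urlsafe(32)
    SESSIONS[session_id] = token
    return token


def handle_login(req: Request) -> tuple[int, str]:
    """Return (status, reason) for a login request, closing the method switch w3af reported."""
    query = parse_qs(req.query)
    # Check 1: login fields are only ever accepted from the POST body. Reading them
    # from the query string is what lets a GET stand in for the form submission.
    if any(f in query for f in LOGIN_FIELDS):
        return (405 if req.method != "POST" else 400,
                "login fields must be sent in the POST body, not the query string")
    if req.method != "POST":
        return 200, "render login form"
    form = parse_qs(req.body)
    # Check 2: the request must carry the token bound to this session; compare in
    # constant time so the check itself does not leak the token byte by byte.
    expected = SESSIONS.get(req.cookies.get(SESSION_COOKIE))
    submitted = form.get(TOKEN_FIELD, [""])[0]
    if expected is None or not hmac.compare_digest(expected.encode(), submitted.encode()):
        return 403, "missing or mismatched anti-forgery token"
    if not all(form.get(f, [""])[0] for f in LOGIN_FIELDS):
        return 400, "username and password required"
    return 200, "credentials accepted for authentication"
```

A GET that carries `txtUserName` is answered with 405 rather than processed, which is exactly the behaviour w3af's POST-to-GET check probes for.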