Arachni / arachni

Web Application Security Scanner Framework
http://www.arachni-scanner.com

xss issue was missed. #899

Open bgerardw opened 7 years ago

bgerardw commented 7 years ago

I was looking at a site that an alternative scanner had found an XSS issue on. It was not a false positive.

Arachni, however, missed it.

The vulnerability is on a pair of select boxes. On selecting one of them a call is made to the server and this call is vulnerable. The injection vector is

Could it be that Arachni does not check select boxes for some reason? They are not inside form tags.

Zapotek commented 7 years ago

I'll need a reproducible case to see what's going on, any chance that I can be given access to the webapp?

bgerardw commented 7 years ago

Really sorry but cannot do that. I will see if I can get you more info or replicate it. After the Arachni scan is done the site map does not have the destination in it. The destination folder is in wp-includes as it is a WordPress site.

bgerardw commented 7 years ago

A correction: they are divs with a class called 'select box', not select tags. The vulnerable URL is called by jQuery on change of the options.

The select tags are not between form tags so I am guessing that in auditing the page Arachni does not have a path extractor for anything like this?

Zapotek commented 7 years ago

This goes past path extractors, it has to do with how the DOM is manipulated, although without a test case I can't know what's going on.

If you have some Ruby experience, creating a simple Sinatra webapp that reproduces this issue would be most helpful.
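The kind of reproduction case asked for above, as an added example that is not part of the issue thread or of Arachni's own code: a minimal Sinatra app whose page has two div-based "select boxes" outside any form, with jQuery firing a GET on change, plus a reflecting endpoint and its output-encoded counterpart. The element ids, the option values, and the `/wp-includes/lookup` path are constructed stand-ins for the reporter's real site, and the Sinatra part assumes the `sinatra` gem is installed (the pure functions need only the standard library).

```ruby
# Added example, not Arachni's code: a Sinatra test fixture for the reported
# page shape. Endpoint path and element ids are hypothetical.
require "cgi"

# Page markup: div-based "select boxes" (no <select>, no <form>), with jQuery
# issuing a GET to the lookup endpoint when a box's value changes.
def repro_page_html
  <<~HTML
    <!doctype html>
    <html><head>
      <script src="https://code.jquery.com/jquery-3.6.0.min.js"></script>
    </head><body>
      <div class="select box" id="make">Choose a make</div>
      <div class="select box" id="model">Choose a model</div>
      <div class="option" data-target="make" data-value="ford">Ford</div>
      <div class="option" data-target="model" data-value="focus">Focus</div>
      <div id="result"></div>
      <script>
        $('.option').on('click', function () {
          var box = $('#' + $(this).data('target'));
          box.data('value', $(this).data('value')).trigger('change');
        });
        $('.select.box').on('change', function () {
          $.get('/wp-includes/lookup', { q: $(this).data('value') }, function (html) {
            $('#result').html(html);
          });
        });
      </script>
    </body></html>
  HTML
end

# Reflects the parameter verbatim into an HTML fragment: the behaviour the
# reporter describes (value returned to the page without encoding).
def lookup_vulnerable(q)
  "<p>Results for #{q}</p>"
end

# Same endpoint with output encoding applied: what a developer would ship.
def lookup_fixed(q)
  "<p>Results for #{CGI.escapeHTML(q.to_s)}</p>"
end

# The check a scanner effectively performs on such a response: did a marker
# containing HTML metacharacters come back unchanged?
def reflects_unencoded?(response, marker)
  response.include?(marker)
end

begin
  require "sinatra/base"

  class XssRepro < Sinatra::Base
    get("/") { content_type :html; repro_page_html }
    get("/wp-includes/lookup") { content_type :html; lookup_vulnerable(params["q"]) }
    get("/fixed/lookup") { content_type :html; lookup_fixed(params["q"]) }
  end

  # Start only when run directly with RUN_REPRO set, so loading this file
  # for tests never blocks on a listening server.
  XssRepro.run!(port: 4567) if __FILE__ == $PROGRAM_NAME && ENV["RUN_REPRO"]
rescue LoadError
  warn "sinatra gem not installed; only the pure functions are available"
end
```

Run it with `RUN_REPRO=1 ruby repro.rb` and point a scan at `http://localhost:4567/`; a scanner that only follows `<form>`/`<a>` extraction will never request `/wp-includes/lookup`, while one that executes the jQuery handlers in a browser engine will, and `/fixed/lookup` shows the same flow with the reflection encoded.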