hhucn / webvulnscan

automated web application vulnerability scanner
MIT License

Test Gruyere #44

Closed phihag closed 10 years ago

phihag commented 11 years ago

We should evaluate webvulnscan by running it against gruyere.

rliebig commented 11 years ago

There are also other websites I would want to try webvulnscan against:

rliebig commented 11 years ago

Output for Gruyere:

Warning: http://google-gruyere.appspot.com/810268760331/login <Broken Unicode Handling> Server accepts invalid unicode characters!
Warning: http://google-gruyere.appspot.com/810268760331/snippets.gtl?uid=brie <Broken Unicode Handling> Server accepts invalid unicode characters!
Warning: http://google-gruyere.appspot.com/810268760331/saveprofile <Broken Unicode Handling> Server accepts invalid unicode characters!
Warning: http://google-gruyere.appspot.com/810268760331/snippets.gtl?uid=cheddar <Broken Unicode Handling> Server accepts invalid unicode characters!
Warning: http://google-gruyere.appspot.com/810268760331/snippets.gtl?uid=%3E <HTML Error> Unclosed tag <div>
Warning: http://google-gruyere.appspot.com/810268760331/snippets.gtl?uid=%3Cscript%3Ealert%28%22XSS_STRING%22%29%3B%3C%2Fscript%3E <HTML Error> Unclosed tag <div>
Warning: http://google-gruyere.appspot.com/810268760331/snippets.gtl?uid=%27 <HTML Error> Unclosed tag <div>
Warning: http://google-gruyere.appspot.com/810268760331/snippets.gtl?uid=cheddar <HTML Error> Unclosed tag <div>
Warning: http://google-gruyere.appspot.com/810268760331/login <HTML Error> Unclosed tag <input>
Warning: http://google-gruyere.appspot.com/810268760331/snippets.gtl?uid=brie <HTML Error> Unclosed tag <br>
Warning: http://google-gruyere.appspot.com/810268760331/newaccount.gtl <HTML Error> Unclosed tag <input>
Warning: http://google-gruyere.appspot.com/810268760331/snippets.gtl?uid=%29 <HTML Error> Unclosed tag <div>
Warning: http://google-gruyere.appspot.com/810268760331/snippets.gtl?uid=%7B <HTML Error> Unclosed tag <div>
Warning: http://google-gruyere.appspot.com/810268760331/ <HTML Error> Unclosed tag <br>
Warning: http://google-gruyere.appspot.com/810268760331/snippets.gtl?uid=%26 <HTML Error> Unclosed tag <div>
Warning: http://google-gruyere.appspot.com/810268760331/snippets.gtl?uid=brie <HTML Error> Unclosed tag <div>
Warning: http://google-gruyere.appspot.com/810268760331/snippets.gtl?uid=%7D <HTML Error> Unclosed tag <div>
Warning: http://google-gruyere.appspot.com/810268760331/snippets.gtl?uid=%250d%250aContent-Type%3A+text%2Fhtml%250d%250a%250d%250a%3Chtml%3E%3Ch1%3EAttacked%21%3C%2Fh1%3E%3C%2Fhtml%3E <HTML Error> Unclosed tag <div>
Warning: http://google-gruyere.appspot.com/810268760331/snippets.gtl?uid=cheddar <HTML Error> Unclosed tag <br>
Warning: http://google-gruyere.appspot.com/810268760331/snippets.gtl?uid=%E1%B5%950 <HTML Error> Unclosed tag <div>
Warning: http://google-gruyere.appspot.com/810268760331/snippets.gtl?uid=%3C <HTML Error> Unclosed tag <div>
Warning: http://google-gruyere.appspot.com/810268760331/snippets.gtl?uid=%28 <HTML Error> Unclosed tag <div>
Warning: http://google-gruyere.appspot.com/810268760331/snippets.gtl?uid=%7C <HTML Error> Unclosed tag <div>
Warning: http://google-gruyere.appspot.com/810268760331/snippets.gtl?uid=test <HTML Error> Unclosed tag <div>
Warning: http://google-gruyere.appspot.com/810268760331/newaccount.gtl <HTML Error> Unclosed tag <br>
Warning: http://google-gruyere.appspot.com/810268760331/snippets.gtl?uid=%22 <HTML Error> Unclosed tag <div>
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&%28%27action%27%2C+%27new%27%29=%3C&action=new&is_author=True&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&action=new&is_author=True&%28%27is_author%27%2C+%27True%27%29=%29&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&%28%27uid%27%2C+%27abcdefgh%27%29=%22&=Login <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&action=new&is_author=True&%28%27pw%27%2C+%27abcd1234%27%29=%7B&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&%28%27action%27%2C+%27new%27%29=%27&action=new&is_author=True&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&action=new&is_author=True&%28%27uid%27%2C+%27abcdefgh%27%29=%27&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&%28%27action%27%2C+%27new%27%29=test&action=new&is_author=True&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&%28%27pw%27%2C+%27abcd1234%27%29=%7B&=Login <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=%3Cscript%3Ealert%28%22XSS_STRING%22%29%3B%3C%2Fscript%3E&action=new&is_author=True&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&%28%27uid%27%2C+%27abcdefgh%27%29=%26&=Login <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&action=new&is_author=True&%28%27%27%2C+%27Create+account%27%29=%3E&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&action=new&is_author=True&%28%27is_author%27%2C+%27True%27%29=%7D&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=%2500&pw=%252500&action=%25252500&is_author=%2525252500&=%252525252500 <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&=%3Cscript%3Ealert%28%22XSS_STRING%22%29%3B%3C%2Fscript%3E <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&=Login <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&%28%27%27%2C+%27Login%27%29=%3E&=Login <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&action=new&is_author=True&%28%27pw%27%2C+%27abcd1234%27%29=%26&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&%28%27%27%2C+%27Login%27%29=%7C&=Login <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=%250d%250aContent-Type%3A+text%2Fhtml%250d%250a%250d%250a%3Chtml%3E%3Ch1%3EAttacked%21%3C%2Fh1%3E%3C%2Fhtml%3E&pw=%250d%250aContent-Type%3A+text%2Fhtml%250d%250a%250d%250a%3Chtml%3E%3Ch1%3EAttacked%21%3C%2Fh1%3E%3C%2Fhtml%3E&action=%250d%250aContent-Type%3A+text%2Fhtml%250d%250a%250d%250a%3Chtml%3E%3Ch1%3EAttacked%21%3C%2Fh1%3E%3C%2Fhtml%3E&is_author=True&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&action=new&is_author=True&%28%27pw%27%2C+%27abcd1234%27%29=%7C&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&action=new&is_author=True&%28%27pw%27%2C+%27abcd1234%27%29=%7D&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&action=new&is_author=True&%28%27%27%2C+%27Create+account%27%29=%22&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=%25EF%25BF%25BF&pw=%2525EF%2525BF%2525BF&=Login <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&action=new&is_author=True&%28%27uid%27%2C+%27abcdefgh%27%29=%3E&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&%28%27%27%2C+%27Login%27%29=%27&=Login <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&%28%27action%27%2C+%27new%27%29=%26&action=new&is_author=True&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&%28%27uid%27%2C+%27abcdefgh%27%29=%29&=Login <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&action=new&is_author=True&%28%27uid%27%2C+%27abcdefgh%27%29=%7D&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=%250d%250aContent-Type%3A+text%2Fhtml%250d%250a%250d%250a%3Chtml%3E%3Ch1%3EAttacked%21%3C%2Fh1%3E%3C%2Fhtml%3E&pw=%250d%250aContent-Type%3A+text%2Fhtml%250d%250a%250d%250a%3Chtml%3E%3Ch1%3EAttacked%21%3C%2Fh1%3E%3C%2Fhtml%3E&=%250d%250aContent-Type%3A+text%2Fhtml%250d%250a%250d%250a%3Chtml%3E%3Ch1%3EAttacked%21%3C%2Fh1%3E%3C%2Fhtml%3E <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&%28%27%27%2C+%27Login%27%29=%22&=Login <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/snippets.gtl?uid=%7D <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&action=new&is_author=True&%28%27is_author%27%2C+%27True%27%29=%3C&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&%28%27pw%27%2C+%27abcd1234%27%29=%7C&=Login <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&action=new&is_author=True&%28%27%27%2C+%27Create+account%27%29=%28&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&%28%27action%27%2C+%27new%27%29=%28&action=new&is_author=True&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&%28%27pw%27%2C+%27abcd1234%27%29=%28&=Login <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&%28%27pw%27%2C+%27abcd1234%27%29=%3C&=Login <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/snippets.gtl?uid=%E1%B5%950 <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&action=new&is_author=True&%28%27%27%2C+%27Create+account%27%29=%3C&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&action=new&is_author=True&%28%27%27%2C+%27Create+account%27%29=%7D&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&action=new&is_author=True&%28%27uid%27%2C+%27abcdefgh%27%29=%28&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&action=new&is_author=True&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&action=new&is_author=True&=%3Cscript%3Ealert%28%22XSS_STRING%22%29%3B%3C%2Fscript%3E <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&%28%27pw%27%2C+%27abcd1234%27%29=%27&=Login <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&%28%27action%27%2C+%27new%27%29=%7D&action=new&is_author=True&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=%25EF%25BF%25BF&pw=abcd1234&action=new&is_author=True&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=%25EF%25BF%25BF&pw=%2525EF%2525BF%2525BF&action=%252525EF%252525BF%252525BF&is_author=True&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&action=new&is_author=True&%28%27%27%2C+%27Create+account%27%29=%29&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=%2500&pw=%252500&=Login <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&action=new&is_author=True&%28%27is_author%27%2C+%27True%27%29=%28&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&action=new&is_author=True&%28%27is_author%27%2C+%27True%27%29=%27&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&%28%27action%27%2C+%27new%27%29=%7C&action=new&is_author=True&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=%3Cscript%3Ealert%28%22XSS_STRING%22%29%3B%3C%2Fscript%3E&pw=abcd1234&=Login <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/snippets.gtl?uid=%29 <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&%28%27pw%27%2C+%27abcd1234%27%29=%22&=Login <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/ <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/newaccount.gtl <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=%250d%250aContent-Type%3A+text%2Fhtml%250d%250a%250d%250a%3Chtml%3E%3Ch1%3EAttacked%21%3C%2Fh1%3E%3C%2Fhtml%3E&pw=abcd1234&action=new&is_author=True&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&action=new&is_author=True&%28%27pw%27%2C+%27abcd1234%27%29=%28&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&%28%27uid%27%2C+%27abcdefgh%27%29=%27&=Login <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=%25EF%25BF%25BF&pw=%2525EF%2525BF%2525BF&action=%252525EF%252525BF%252525BF&is_author=%25252525EF%25252525BF%25252525BF&=%2525252525EF%2525252525BF%2525252525BF <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&%28%27uid%27%2C+%27abcdefgh%27%29=test&=Login <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&action=new&is_author=True&%28%27uid%27%2C+%27abcdefgh%27%29=%7B&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&action=new&is_author=True&%28%27pw%27%2C+%27abcd1234%27%29=%3E&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&action=new&is_author=%3Cscript%3Ealert%28%22XSS_STRING%22%29%3B%3C%2Fscript%3E&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/snippets.gtl?uid=brie <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&%28%27action%27%2C+%27new%27%29=%3E&action=new&is_author=True&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&action=new&is_author=True&%28%27uid%27%2C+%27abcdefgh%27%29=%29&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/snippets.gtl?uid=%3E <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&action=new&is_author=True&%28%27uid%27%2C+%27abcdefgh%27%29=%22&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&%28%27%27%2C+%27Login%27%29=%26&=Login <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&%28%27uid%27%2C+%27abcdefgh%27%29=%7C&=Login <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&%28%27pw%27%2C+%27abcd1234%27%29=%26&=Login <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&action=new&is_author=True&%28%27uid%27%2C+%27abcdefgh%27%29=%7C&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=%250d%250aContent-Type%3A+text%2Fhtml%250d%250a%250d%250a%3Chtml%3E%3Ch1%3EAttacked%21%3C%2Fh1%3E%3C%2Fhtml%3E&pw=%250d%250aContent-Type%3A+text%2Fhtml%250d%250a%250d%250a%3Chtml%3E%3Ch1%3EAttacked%21%3C%2Fh1%3E%3C%2Fhtml%3E&action=%250d%250aContent-Type%3A+text%2Fhtml%250d%250a%250d%250a%3Chtml%3E%3Ch1%3EAttacked%21%3C%2Fh1%3E%3C%2Fhtml%3E&is_author=%250d%250aContent-Type%3A+text%2Fhtml%250d%250a%250d%250a%3Chtml%3E%3Ch1%3EAttacked%21%3C%2Fh1%3E%3C%2Fhtml%3E&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&action=new&is_author=True&%28%27is_author%27%2C+%27True%27%29=test&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/snippets.gtl?uid=%28 <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&%28%27pw%27%2C+%27abcd1234%27%29=%3E&=Login <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&%28%27%27%2C+%27Login%27%29=test&=Login <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&%28%27pw%27%2C+%27abcd1234%27%29=%7D&=Login <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=%2500&pw=%252500&action=%25252500&is_author=%2525252500&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&action=new&is_author=True&%28%27pw%27%2C+%27abcd1234%27%29=test&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&action=new&is_author=True&%28%27uid%27%2C+%27abcdefgh%27%29=%26&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/snippets.gtl?uid=cheddar <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/snippets.gtl?uid=%250d%250aContent-Type%3A+text%2Fhtml%250d%250a%250d%250a%3Chtml%3E%3Ch1%3EAttacked%21%3C%2Fh1%3E%3C%2Fhtml%3E <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&action=new&is_author=True&%28%27is_author%27%2C+%27True%27%29=%3E&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=%25EF%25BF%25BF&pw=%2525EF%2525BF%2525BF&=%252525EF%252525BF%252525BF <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&%28%27%27%2C+%27Login%27%29=%3C&=Login <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&action=new&is_author=True&%28%27pw%27%2C+%27abcd1234%27%29=%29&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&%28%27uid%27%2C+%27abcdefgh%27%29=%3C&=Login <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=%2500&pw=%252500&action=new&is_author=True&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&action=new&is_author=True&%28%27is_author%27%2C+%27True%27%29=%7B&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&%28%27uid%27%2C+%27abcdefgh%27%29=%3E&=Login <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=%25EF%25BF%25BF&pw=%2525EF%2525BF%2525BF&action=new&is_author=True&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&%28%27uid%27%2C+%27abcdefgh%27%29=%7B&=Login <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&%28%27%27%2C+%27Login%27%29=%7D&=Login <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/snippets.gtl?uid=%3C <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&action=%3Cscript%3Ealert%28%22XSS_STRING%22%29%3B%3C%2Fscript%3E&is_author=True&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&%28%27action%27%2C+%27new%27%29=%29&action=new&is_author=True&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&%28%27uid%27%2C+%27abcdefgh%27%29=%7D&=Login <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&action=new&is_author=True&%28%27is_author%27%2C+%27True%27%29=%7C&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/snippets.gtl?uid=%7C <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/snippets.gtl?uid=%3Cscript%3Ealert%28%22XSS_STRING%22%29%3B%3C%2Fscript%3E <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=%250d%250aContent-Type%3A+text%2Fhtml%250d%250a%250d%250a%3Chtml%3E%3Ch1%3EAttacked%21%3C%2Fh1%3E%3C%2Fhtml%3E&pw=%250d%250aContent-Type%3A+text%2Fhtml%250d%250a%250d%250a%3Chtml%3E%3Ch1%3EAttacked%21%3C%2Fh1%3E%3C%2Fhtml%3E&=Login <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&%28%27pw%27%2C+%27abcd1234%27%29=test&=Login <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/snippets.gtl?uid=%27 <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&action=new&is_author=True&%28%27%27%2C+%27Create+account%27%29=test&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=%250d%250aContent-Type%3A+text%2Fhtml%250d%250a%250d%250a%3Chtml%3E%3Ch1%3EAttacked%21%3C%2Fh1%3E%3C%2Fhtml%3E&pw=%250d%250aContent-Type%3A+text%2Fhtml%250d%250a%250d%250a%3Chtml%3E%3Ch1%3EAttacked%21%3C%2Fh1%3E%3C%2Fhtml%3E&action=%250d%250aContent-Type%3A+text%2Fhtml%250d%250a%250d%250a%3Chtml%3E%3Ch1%3EAttacked%21%3C%2Fh1%3E%3C%2Fhtml%3E&is_author=%250d%250aContent-Type%3A+text%2Fhtml%250d%250a%250d%250a%3Chtml%3E%3Ch1%3EAttacked%21%3C%2Fh1%3E%3C%2Fhtml%3E&=%250d%250aContent-Type%3A+text%2Fhtml%250d%250a%250d%250a%3Chtml%3E%3Ch1%3EAttacked%21%3C%2Fh1%3E%3C%2Fhtml%3E <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=%3Cscript%3Ealert%28%22XSS_STRING%22%29%3B%3C%2Fscript%3E&=Login <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&action=new&is_author=True&%28%27pw%27%2C+%27abcd1234%27%29=%3C&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&action=new&is_author=True&%28%27%27%2C+%27Create+account%27%29=%26&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=%25EF%25BF%25BF&pw=%2525EF%2525BF%2525BF&action=%252525EF%252525BF%252525BF&is_author=%25252525EF%25252525BF%25252525BF&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&action=new&is_author=True&%28%27pw%27%2C+%27abcd1234%27%29=%27&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=%2500&pw=%252500&=%25252500 <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&action=new&is_author=True&%28%27uid%27%2C+%27abcdefgh%27%29=%3C&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/snippets.gtl?uid=test <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&%28%27action%27%2C+%27new%27%29=%22&action=new&is_author=True&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&%28%27%27%2C+%27Login%27%29=%29&=Login <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=%2500&pw=abcd1234&=Login <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&action=new&is_author=True&%28%27%27%2C+%27Create+account%27%29=%7C&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/login <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&action=new&is_author=True&%28%27pw%27%2C+%27abcd1234%27%29=%22&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/snippets.gtl?uid=%22 <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&action=new&is_author=True&%28%27is_author%27%2C+%27True%27%29=%26&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=%250d%250aContent-Type%3A+text%2Fhtml%250d%250a%250d%250a%3Chtml%3E%3Ch1%3EAttacked%21%3C%2Fh1%3E%3C%2Fhtml%3E&pw=%250d%250aContent-Type%3A+text%2Fhtml%250d%250a%250d%250a%3Chtml%3E%3Ch1%3EAttacked%21%3C%2Fh1%3E%3C%2Fhtml%3E&action=new&is_author=True&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=%2500&pw=abcd1234&action=new&is_author=True&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/snippets.gtl?uid=%26 <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&%28%27pw%27%2C+%27abcd1234%27%29=%29&=Login <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&%28%27uid%27%2C+%27abcdefgh%27%29=%28&=Login <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=%3Cscript%3Ealert%28%22XSS_STRING%22%29%3B%3C%2Fscript%3E&pw=abcd1234&action=new&is_author=True&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&action=new&is_author=True&%28%27uid%27%2C+%27abcdefgh%27%29=test&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=%2500&pw=%252500&action=%25252500&is_author=True&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=%25EF%25BF%25BF&pw=abcd1234&=Login <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&%28%27action%27%2C+%27new%27%29=%7B&action=new&is_author=True&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/snippets.gtl?uid=%7B <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&action=new&is_author=True&%28%27%27%2C+%27Create+account%27%29=%27&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&action=new&is_author=True&%28%27%27%2C+%27Create+account%27%29=%7B&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&%28%27%27%2C+%27Login%27%29=%7B&=Login <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=%250d%250aContent-Type%3A+text%2Fhtml%250d%250a%250d%250a%3Chtml%3E%3Ch1%3EAttacked%21%3C%2Fh1%3E%3C%2Fhtml%3E&pw=abcd1234&=Login <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&action=new&is_author=True&%28%27is_author%27%2C+%27True%27%29=%22&=Create+account <No Charset set> 
Warning: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&%28%27%27%2C+%27Login%27%29=%28&=Login <No Charset set> 
Vulnerability: http://google-gruyere.appspot.com/810268760331/login <CSRF Vulnerability> 
Vulnerability: http://google-gruyere.appspot.com/810268760331/saveprofile <CSRF Vulnerability> 
Vulnerability: http://google-gruyere.appspot.com/810268760331/* Clickjacking
Vulnerability: http://google-gruyere.appspot.com/810268760331/login <Incorrect Unicode Handling!> 
Vulnerability: http://google-gruyere.appspot.com/810268760331/saveprofile <Incorrect Unicode Handling!> 
Vulnerability: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&=%3Cscript%3Ealert%28%22XSS_STRING%22%29%3B%3C%2Fscript%3E <XSS> in parameter 
Vulnerability: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&action=new&is_author=%3Cscript%3Ealert%28%22XSS_STRING%22%29%3B%3C%2Fscript%3E&=Create+account <XSS> in parameter is_author
Vulnerability: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&action=%3Cscript%3Ealert%28%22XSS_STRING%22%29%3B%3C%2Fscript%3E&is_author=True&=Create+account <XSS> in parameter action
Vulnerability: http://google-gruyere.appspot.com/810268760331/uid=%3Cscript%3Ealert%28%22XSS_STRING%22%29%3B%3C%2Fscript%3E&pw=abcd1234&=Login <XSS> in parameter uid
Vulnerability: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=%3Cscript%3Ealert%28%22XSS_STRING%22%29%3B%3C%2Fscript%3E&=Login <XSS> in parameter pw
Vulnerability: http://google-gruyere.appspot.com/810268760331/snippets.gtl?uid=%3Cscript%3Ealert%28%22XSS_STRING%22%29%3B%3C%2Fscript%3E <XSS> in URL parameter uid
Vulnerability: http://google-gruyere.appspot.com/810268760331/uid=%3Cscript%3Ealert%28%22XSS_STRING%22%29%3B%3C%2Fscript%3E&pw=abcd1234&action=new&is_author=True&=Create+account <XSS> in parameter uid
Vulnerability: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=abcd1234&action=new&is_author=True&=%3Cscript%3Ealert%28%22XSS_STRING%22%29%3B%3C%2Fscript%3E <XSS> in parameter 
Vulnerability: http://google-gruyere.appspot.com/810268760331/uid=abcdefgh&pw=%3Cscript%3Ealert%28%22XSS_STRING%22%29%3B%3C%2Fscript%3E&action=new&is_author=True&=Create+account <XSS> in parameter pw

In comparison to the solutions site, I think the result is satisfying.

rliebig commented 11 years ago

Results for:

$ python -m webvulnscan -v http://demo.testfire.net/ | grep Vulnerability

are:

Vulnerability: http://demo.testfire.net/ <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/default.aspx?content=security.htm <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/default.aspx?content=privacy.htm <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/default.aspx?content=inside_contact.htm <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/disclaimer.htm?url=http://www.microsoft.com <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/disclaimer.htm?url=http://www.netscape.com <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/comment.aspx <XSS> in parameter name
Vulnerability: http://demo.testfire.net/feedback.aspx <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/default.aspx?content=inside_careers.htm <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/Privacypolicy.aspx?sec=Careers&template=US <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/default.aspx?content=inside_press.htm <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/default.aspx?content=pr/20060413.htm <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/default.aspx?content=inside_investor.htm <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/cgi.exe <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/default.aspx?content=inside_about.htm <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/inside_points_of_interest.htm <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/default.aspx?content=inside_community.htm <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/default.aspx?content=inside_volunteering.htm <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/default.aspx?content=inside.htm <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/default.aspx?content=business_other.htm <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/default.aspx?content=business_retirement.htm <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/default.aspx?content=business_insurance.htm <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/default.aspx?content=business_cards.htm <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/default.aspx?content=business_lending.htm <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/default.aspx?content=business_deposit.htm <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/high_yield_investments.htm <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/security.htm <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/default.aspx?content=business.htm <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/default.aspx?content=personal_other.htm <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/default.aspx?content=personal_investments.htm <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/default.aspx?content=personal_cards.htm <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/default.aspx?content=personal_loans.htm <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/default.aspx?content=personal_checking.htm <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/default.aspx?content=personal_deposit.htm <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/default.aspx?content=personal.htm <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/bank/login.aspx <XSS> in parameter uid
Vulnerability: http://demo.testfire.net/bank/login.aspx <CSRF Vulnerability> 
Vulnerability: http://demo.testfire.net/bank/login.aspx <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/default.aspx <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/survey_questions.aspx <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/survey_questions.aspx?step=a <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/survey_questions.aspx?step=b <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/survey_questions.aspx?step=c <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/survey_questions.aspx?step=d <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/survey_complete.aspx <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/default.aspx?content=personal_savings.htm <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/default.aspx?content=inside_executives.htm <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/default.aspx?content=pr/20060518.htm <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/default.aspx?content=pr/20060720.htm <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/default.aspx?content=pr/20060817.htm <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/default.aspx?content=pr/20060921.htm <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/default.aspx?content=pr/20060928.htm <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/default.aspx?content=pr/20061005.htm <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/default.aspx?content=pr/20061109.htm <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/default.aspx?content=inside_trainee.htm <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/default.aspx?content=inside_jobs.htm <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/default.aspx?content=inside_jobs.htm&job=MortgageLendingAccountExecutive:Sales <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/default.aspx?content=inside_jobs.htm&job=OperationalRiskManager:RiskManagement <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/default.aspx?content=inside_jobs.htm&job=LoyaltyMarketingProgramManager:Marketing <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/default.aspx?content=inside_jobs.htm&job=CustomerServiceRepresentative:CustomerService <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/default.aspx?content=inside_jobs.htm&job=Teller:ConsumaerBanking <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/default.aspx?content=inside_jobs.htm&job=ExecutiveAssistant:Administration <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/default.aspx?content=inside_internships.htm <Clickjacking> no X-Frame-Options header
Vulnerability: http://demo.testfire.net/default.aspx?content=inside_benefits.htm <Clickjacking> no X-Frame-Options header

Grepped because Charset isn't set and HTML Errors are everywhere.