Open phihag opened 11 years ago
```
$ python -m webvulnscan localhost:8666
Vulnerability: http://localhost:8666/csrf/send CSRF Vulnerability
Vulnerability: http://localhost:8666/xss/?username=%3Cscript%3Ealert%28%22XSS_STRING%22%29%3B%3C%2Fscript%3E XSS in URL parameter username
```
There should be at least one report about the SQL injection vulnerability.
We need a generic way to detect soft 500s (i.e. errors that are still served as 200), for example by sending two innocuous requests, finding the similarities, and then sending a third test request.
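The soft-500 approach proposed in the issue, as an added sketch that is not webvulnscan's own code: two innocuous responses define the stable part of a page, and a test response that loses most of that stable part is treated as an error served with status 200. All function names, the 0.8 threshold and the sample pages are assumptions made for this illustration.

```python
import difflib
import re


def _tokens(body):
    # Split into tags and words so per-request values sit in their own tokens.
    return re.findall(r"<[^>]+>|[^<\s]+", body)


def _matched(seq_a, seq_b):
    sm = difflib.SequenceMatcher(None, seq_a, seq_b, autojunk=False)
    return [blk for blk in sm.get_matching_blocks() if blk.size]


def stable_template(body_a, body_b):
    """Tokens, in order, shared by two responses to innocuous requests."""
    a, b = _tokens(body_a), _tokens(body_b)
    return [tok for blk in _matched(a, b) for tok in a[blk.a:blk.a + blk.size]]


def template_coverage(template, body):
    """Fraction of the stable template that survives in another response."""
    if not template:
        return 1.0  # nothing stable to compare against
    return sum(blk.size for blk in _matched(template, _tokens(body))) / len(template)


def looks_like_soft_error(innocuous_a, innocuous_b, test_body, threshold=0.8):
    template = stable_template(innocuous_a, innocuous_b)
    return template_coverage(template, test_body) < threshold


# Constructed sample responses; every one of them is assumed to arrive as HTTP 200.
def _page(name):
    return ("<html><body><h1>Search</h1><p>Results for %s</p>"
            "<ul><li>1 match</li></ul><a href='/'>Home</a></body></html>" % name)


OK_A, OK_B, OK_TEST = _page("alice"), _page("bob"), _page("o'neil")
SOFT_ERROR = ("<html><body><h1>Error</h1>"
              "<pre>sqlite3.OperationalError: unrecognized token</pre></body></html>")

if __name__ == "__main__":
    for label, body in (("normal", OK_TEST), ("soft error", SOFT_ERROR)):
        cov = template_coverage(stable_template(OK_A, OK_B), body)
        print(label, round(cov, 2), looks_like_soft_error(OK_A, OK_B, body))
```

Pages that legitimately change shape between requests (empty result sets, pagination) lower the coverage as well, so the threshold needs tuning per target.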