Open GoogleCodeExporter opened 9 years ago
GoogleCodeExporter
commented
9 years ago This issue seems similar to Issue 18. There is already an action item to
address this.Original comment by r...@r-n-d.org on 23 Jul 2011 at 1:47
GoogleCodeExporter
commented
9 years ago Hi! Great tool you've released and thank you for the response in #18, great
info for those learning.Original comment by h02...@gmail.com on 23 Jul 2011 at 2:08
GoogleCodeExporter
commented
9 years ago Marking this as duplicate of Issue 18. Please follow/comment the issue there.Original comment by r...@r-n-d.org on 1 Sep 2011 at 8:23
GoogleCodeExporter
commented
9 years ago Re-opening as separate bug to track.Original comment by r...@r-n-d.org on 1 Sep 2011 at 4:28
GoogleCodeExporter
commented
9 years ago Hi!
Thanks for reopening ticket!
Global URL = http://cloudscan.org
Offending JS = https://a12.alphagodaddy.com/hosting_ads/gd01.js
Issues by UA | Chrome DOMSnitch Report
==========================================
Loading of CSS from an untrusted origin
Loading of scripts from an untrusted origin
Issues by UA | DOMinator Report
==========================================
Sources of Tainted Input: location.toString | referer
Acunetix Web Vulnerability Scanner, August 2011 Build
==========================================
JS executes from document.location path part via innerHTML in
https://a12.alphagodaddy.com/hosting_ads/gd01.js at line 26,28.
Suggestion: Consider sighting the sources and sinks.. line numbers of offensive
code, and a complete stack trace for repro.. a la Acunetix or DOMinator
Question: Different results all around.. I'm asking if you can run thru the
Global.URL yourself and compare and contrast the output of DOMinator vs.
DOMSnitch vs. Acunetix.
Post your own results, and I'll do the same.. I think it will be a great
learning example for all, immho...
-D
Original comment by h02...@gmail.com on 1 Sep 2011 at 5:41
GoogleCodeExporter
commented
9 years ago Hi!
Adding.. no output from stack trace in exported TXT File.. no trace in output...
-DOriginal comment by h02...@gmail.com on 6 Sep 2011 at 1:04
GoogleCodeExporter
commented
9 years ago Hi!
w/r/t reporting, suggest that .. Mixed content through the HREF attribute of a
LINK element ... be part of a weak programming skills / DORK Report ..
w/r/t reporting, suggest that .. Loading of scripts from an untrusted origin.
.. be part of a weak programming skills / DORK Report..
w/r/t parsing, when Referrer Data found with innerHTML, when matching on www,
my and other vhost name.. injection of fqdn.vhost.tld results are FP ..
(provided for those following the thread).. example .. referrer data set to
www.xss.cx or my.xss.cx etc.... FP
w/r/t parsing and malformed JSON, suggest that be included in weak programming
skills / DORK Report..
w/r/t Report Format Suggestions.. consider developing a target analysis file,
including sources, sinks, methods abused etc.... suggest include other output
from the Scope on Wiki or a pointer URL etc.. often we compare the intended
scope of DOMinator and DOMSnitch and then compare the results with our own
analysis and often see a wide disparity in results... having the sources,
sinks, methods abused etc.. with the stack trace can often help reducing FP, FN
etc..
I'll post a few comps in another comment using the webkit XSSAdmin scripts as
example.
-DOriginal comment by h02...@gmail.com on 6 Sep 2011 at 1:30
Original issue reported on code.google.com by
h02...@gmail.comon 22 Jul 2011 at 2:44