Closed GoogleCodeExporter closed 8 years ago
Do you mean that it does not follow:
Location: ?msg=Congrats!+You+made+it!
...or something else? Formally, it's not a valid form of redirection, but I
think it should work? What's the exact symptom?
Original comment by lcam...@gmail.com
on 10 Sep 2010 at 5:10
I can't tell if it followed it or not but I'm pretty sure it didn't audit the
'msg' parameter.
If it had it would have found the XSS vulnerability.
Also, although it followed all the forms properly it didn't audit the 'rfi'
cookie either, which is set after the second form has been submitted.
I'll run some more tests to see what's happening...
Original comment by Tasos.La...@gmail.com
on 10 Sep 2010 at 5:36
The best way to troubleshoot this is to do:
make clean debug
./skipfish [...usual stuff...] 2>logfile.txt
This will create a detailed crawl log; we be able to see if the scanner
actually followed the link, if it attempted any injection attacks against the
URL, and if not, why.
Original comment by lcam...@gmail.com
on 10 Sep 2010 at 6:47
It seems that I were wrong.
It found both the cookie and the 'msg' var.
This time is reported the msg var to be vulnerable but it took no further
action regarding the 'rfi' cookie.
It doesn't seem to audit cookies at all.
Original comment by Tasos.La...@gmail.com
on 10 Sep 2010 at 7:09
Attachments:
Nope, cookies are off the limits at this point. Checking them for XSS is
generally pointless; SQL injection, etc, is more interesting, and it's on my
TODO list.
Original comment by lcam...@gmail.com
on 10 Sep 2010 at 7:45
Original issue reported on code.google.com by
Tasos.La...@gmail.com
on 10 Sep 2010 at 1:13