MemeStreams Discussion


This page contains all of the posts and discussion on MemeStreams referencing the following web page: On the Yin and the Yang. You can find discussions on MemeStreams as you surf the web, even if you aren't a MemeStreams member, using the Threads Bookmarklet.

On the Yin and the Yang
by Acidus at 3:52 am EDT, Sep 13, 2005

[acidus@reload dist]$ java -jar XSSScanner.jar http://zero.webappsecurity.com
--
Crawling...
---
Done (200 OK: 20 404 Not Found: 5)
Checking "http://zero.webappsecurity.com/banklogin.asp?serviceName=FreebankCaastAccess
&templateName=prod_sel.forte&source=Freebank
&AD_REFERRING_URL=http://www.Freebank.com"

Using tracer:XSSTracer7699183
checking param "serviceName"
checking param "templateName"
checking param "source"
checking param "AD_REFERRING_URL"
Checking "http://zero.webappsecurity.com/plink.asp?a=b&c=12"
Using tracer:XSSTracer17510567
checking param "a"

*** FOUND TRACER using param "a" in "http://zero.webappsecurity.com/plink.asp?a=XSSTracer17510567&c=12"

checking param "c"

*** FOUND TRACER using param "c" in "http://zero.webappsecurity.com/plink.asp?a=b&c=XSSTracer17510567"

Checking "http://zero.webappsecurity.com/banklogin.asp?err=Invalid+Login:"
Using tracer:XSSTracer27744459
checking param "err"

*** FOUND TRACER using param "err" in "http://zero.webappsecurity.com/banklogin.asp?err=XSSTracer27744459"

---
3 XSS Holes found.
3 unflitered params found
1 vuln form found
--

[acidus@reload dist]$


 
 