acidus@reload dist]$ java -jar XSSScanner.jar http://zero.webappsecurity.com -- Crawling... --- Done (200 OK: 20 404 Not Found: 5) Checking "http://zero.webappsecurity.com/banklogin.asp?serviceName=FreebankCaastAccess &templateName=prod_sel.forte&source=Freebank &AD_REFERRING_URL=http://www.Freebank.com" Using tracer:XSSTracer7699183 checking param "serviceName" checking param "templateName" checking param "source" checking param "AD_REFERRING_URL" Checking "http://zero.webappsecurity.com/plink.asp?a=b&c=12" Using tracer:XSSTracer17510567 checking param "a" *** FOUND TRACER using param "a" in "http://zero.webappsecurity.com/plink.asp?a=XSSTracer17510567&c=12" checking param "c" *** FOUND TRACER using param "c" in "http://zero.webappsecurity.com/plink.asp?a=b&c=XSSTracer17510567" Checking "http://zero.webappsecurity.com/banklogin.asp?err=Invalid+Login:" Using tracer:XSSTracer27744459 checking param "err" *** FOUND TRACER using param "err" in "http://zero.webappsecurity.com/banklogin.asp?err=XSSTracer27744459" --- 3 XSS Holes found. 3 unflitered params found 1 vuln form found -- [acidus@reload dist]$ |