Created
September 18, 2013 09:18
-
-
Save garethr/6606655 to your computer and use it in GitHub Desktop.
Example using gauntlt and arachni to test for cross site scripting vulnerabilities in wackopicko
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| + | |
| +[+] 2 issues were detected. | |
| + | |
| +[+] [1] Trusted -- Cross-Site Scripting (XSS) | |
| +[~] ~~~~~~~~~~~~~~~~~~~~ | |
| +[~] ID Hash: ea37c74ba2614fa52840bfd152e892e01c918a0a7e92f600805cb79d24050ec2 | |
| +[~] Severity: High | |
| +[~] URL: http://victim/pictures/search.php | |
| +[~] Element: form | |
| +[~] Method: GET | |
| +[~] Tags: xss, regexp, injection, script | |
| +[~] Variable: query | |
| +[~] Description: | |
| +[~] Client-side code (like JavaScript) can | |
| + be injected into the web application which is then returned to the user's browser. | |
| + This can lead to a compromise of the client's system or serve as a pivoting point for other attacks. | |
| + |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @slow | |
| Feature: Look for cross site scripting (xss) using arachni against a URL | |
| Scenario: Using the arachni, look for cross site scripting and verify no issues are f | |
| ound | |
| Given "arachni" is installed | |
| And the following profile: | |
| | name | value | | |
| | url | http://victim/pictures/search.php?query=bob | | |
| | depth | 2 | | |
| | auto_redundant | 1 | | |
| | link_count | 1 | | |
| When I launch an "arachni-xss_with_options" attack | |
| Then the output should contain "0 issues were detected" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment