
Thread: pentesting web apps with xss-me...

  1. #1
    Member
    Join Date
    Sep 2007
    Posts
    58

    Default pentesting web apps with xss-me...

    I've started to get my feet wet testing web apps, and I'm trying to make sense of the output that the xss-me add-on in Firefox gives you when you run a test on a given page. I've been testing the demo.testfire.net (Altoro Mutual) login page, which tests for numerous XSS vulnerabilities, but the ones in red are showing what appears to be the script tested; it doesn't seem to work when you insert the XSS in the login form. I don't think that's the actual XSS script on the report, but the form in which the script would be inserted. Could someone give me a hand interpreting this output?

    check the report here!

  2. #2
    Member Oneiroi's Avatar
    Join Date
    Jul 2008
    Posts
    59

    Default

    Quote Originally Posted by mia_tech View Post
    I've started to get my feet wet testing web apps, and I'm trying to make sense of the output that the xss-me add-on in Firefox gives you when you run a test on a given page. I've been testing the demo.testfire.net (Altoro Mutual) login page, which tests for numerous XSS vulnerabilities, but the ones in red are showing what appears to be the script tested; it doesn't seem to work when you insert the XSS in the login form. I don't think that's the actual XSS script on the report, but the form in which the script would be inserted. Could someone give me a hand interpreting this output?

    check the report here!
    Only registered users can access the attachments. Sorry, but I really don't fancy registering on another forum.
    ---------

    OSX 10.6
    Advent Vega (Tegra 250)

    Working on getting BT5 working on the Vega

  3. #3
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    Default

    Attachment re-uploaded for anyone not feeling like using Bugmenot to access the report mentioned in the OP:
    http://bayimg.com/BAJFFAaBP
    -Monkeys are like nature's humans.

  4. #4
    Member
    Join Date
    Sep 2007
    Posts
    58

    Default

    Sorry... I didn't have anywhere else to upload the file.

    But after doing some searching on Google, what xss-me is telling you on that report page is that the DOM object is vulnerable to XSS attacks in the form in question, in the form of <SCRIPT>document.property</SCRIPT>. Now it is up to you to find the actual script to insert on that form.
    Then again, correct me if I'm wrong.

    thanks
