Arachni: Discussion – ALL XSS Checks Missing this vulnerable issue (support.arachni-scanner.com, discussion 4157)

Comment by Tasos Laskos, 2016-11-29T14:49:45Z
<div><p>Which version are you using?</p></div>

Comment by Tasos Laskos, 2016-11-29T14:57:36Z
<div><p>Nevermind, I'm guessing the nightlies.<br>
The issue has been forwarded to the relevant dependency: <a href="https://github.com/ohler55/ox/issues/158">https://github.com/ohler55/ox/issues/158</a></p></div>

Comment by kxcode, 2016-11-30T02:02:46Z
<div><p>I'm using nightlies.</p>
<p>The find_proof part in the XSS checks' source code looks like this:</p>
<pre>
<code>def self.find_proof( resource )
    # Cheap pre-check: give up if the tag name doesn't even appear in the body.
    return if !resource.body.has_html_tag?( self.tag_name )

    # Parse the response and collect every node matching the injected tag name.
    proof_nodes = Arachni::Parser.parse(
        resource.body,
        whitelist:     [self.tag_name, 'textarea'],
        stop_on_first: [self.tag_name]
    ).nodes_by_name( self.tag_name )

    return if proof_nodes.empty?

    # Ignore tags that landed inside a textarea, where they are rendered as text.
    proof = proof_nodes.find do |e|
        e.parent.name != :textarea
    end

    return if !proof
    proof
end</code>
</pre>
<p>And I wonder why Arachni can't recognize this XSS issue with<br>
"return if !resource.body.has_html_tag?( self.tag_name )". This XSS case is quite simple, I think; it doesn't even need to parse the response HTML document with Ox. Wouldn't just using a regex work?</p></div>

Comment by Tasos Laskos, 2016-12-01T11:18:23Z
<div><p>Regexps only work as a first-stage optimization to see if the node as a substring is at least in the HTML code; to verify the existence of the node you need to properly parse the document.</p></div>

Comment by kxcode, 2016-12-02T09:18:26Z
<div><p>It may be missing some issues where the parser parses differently from the browsers.<br>
I guess Ox's sax_html() may have some other bugs like this :/</p></div>

Comment by Tasos Laskos, 2016-12-02T13:46:43Z
<div><p>Not in this test, browsers will behave identically.<br>
As for bugs, everything has them; Ox parsing has fewer than most alternatives and is faster than all of them.</p></div>

Comment by kxcode, 2016-12-05T03:24:53Z
<div><p>All right, as for bugs, everything has them. :P</p></div>

Comment by Tasos Laskos, 2016-12-29T08:16:38Z
<div><p>Fixed in the nightlies.</p></div>