ALL XSS Checks Missing this vulnerable issue

Edit

kxcode

29 Nov, 2016 07:15 AM

arachni cant find a xss like this:

<?php
print '<>'.@$_GET['test'];

maybe some exception occured in Arachni::Parser ?

Support Staff 1 Posted by Tasos Laskos on 29 Nov, 2016 02:49 PM

Which version are you using?
- Edit
Support Staff 2 Posted by Tasos Laskos on 29 Nov, 2016 02:57 PM

Nevermind, I'm guessing the nightlies.
The issue has been forwarded to the relevant dependency: https://github.com/ohler55/ox/issues/158
- Edit

3 Posted by kxcode on 30 Nov, 2016 02:02 AM

im using nightlies.

the find_spoof part in xss checks sourcecode like this:

def self.find_proof( resource )
    return if !resource.body.has_html_tag?( self.tag_name )

    proof_nodes = Arachni::Parser.parse(
        resource.body,
        whitelist:     [self.tag_name, 'textarea'],
        stop_on_first: [self.tag_name]
    ).nodes_by_name( self.tag_name )

    return if proof_nodes.empty?

    proof = proof_nodes.find do |e|
        e.parent.name != :textarea
    end

    return if !proof

    proof
end

And I wonder that why cant Arachni recognize this XSS issue with
" return if !resource.body.has_html_tag?( self.tag_name )". this XSS case is quite simple i think, even dont need to parse the response html document with ox, just use regex doesnt work?

Edit

Support Staff 4 Posted by Tasos Laskos on 01 Dec, 2016 11:18 AM

Regexps only work as a first-state optimization to see if the node as a substring is at least in the HTML code, to verify the existence of the node you need to properly parse the document.
- Edit
5 Posted by kxcode on 02 Dec, 2016 09:18 AM

it may missing some issue where the Parser parsed different from the browsers.
I guess ox sax_html() may have some other bugs like this : /
- Edit
Support Staff 6 Posted by Tasos Laskos on 02 Dec, 2016 01:46 PM

Not in this test, browsers will behave identically.
As for bugs, everything has them, Ox parsing has less than most alternatives and is faster than all of them.
- Edit
7 Posted by kxcode on 05 Dec, 2016 03:24 AM

all right , As for bugs, everything has them. : P
- Edit
Support Staff 8 Posted by Tasos Laskos on 29 Dec, 2016 08:16 AM

Fixed in the nightlies.
- Edit
Tasos Laskos closed this discussion on 29 Dec, 2016 08:16 AM.

Comments are currently closed for this discussion. You can start a new one.

New Issue
Conversation Started
The discussion is closed

No more actions from Arachni or the discussion starter are required.
Re-open the discussion Re-open the discussion

Private Permissions

This discussion is private. Only you and Arachni support staff can see and reply to it.

Public Permissions

This discussion is public. Everyone can see and reply to it.

Comments Feed

Keyboard shortcuts

Generic

?	Show this help
ESC	Blurs the current field

Comment Form

r	Focus the comment reply box
^ + ↩	Submit the comment

You can use Command ⌘ instead of Control ^ on Mac

Recent Discussions

	14 Apr, 2025 04:47 PM	REMOTE ACCESS
	29 Jul, 2024 06:44 AM	Dear arachni-scanner.com Owner.
	15 Feb, 2024 09:48 AM	Arachni download
	12 Jan, 2024 12:01 AM	We're sorry, but something went wrong.
	19 Oct, 2023 06:03 PM	Error - Not able Scan /ruby/lib/ruby/gems/2.7.0/gems/arachni-1.6.1.3/lib/arachni/rpc/server/framework.rb:156:in `block in run'

Recent Articles

	Logging in and maintaining a valid session
	Optimizing for faster scans
	Service scanning
	Software as a Service (Saas)

Arachni Support

ALL XSS Checks Missing this vulnerable issue

kxcode

New Issue

Conversation Started

The discussion is closed

Re-open the discussion Re-open the discussion