DOM-XSS Detection
Hi,
Firstly, thanks for the great scanner, clearly lots of effort has
gone into its design.
I am evaluating its DOM-XSS scanning ability and was wondering if it's expected behaviour not to detect DOM XSS with the following JS on a web page:
<script>
document.write(location.hash.substring(1));
</script>
If this is expected behaviour is there anything I can configure to enable the detection?
The command I am using to run the scanner is:
./arachni http://192.168.13.135/xsstest.php --checks=xss*
Thanks,
Shaun
1 Posted by ShaunS on 25 May, 2016 07:12 PM
Ah, looks like the JS got stripped, here is the code again:
document.write(location.hash.substring(1));
Support Staff 2 Posted by Tasos Laskos on 25 May, 2016 07:57 PM
Hello,
There's no direct input vector for the location hash in Arachni.
That issue would only be detected if it could somehow get triggered by interacting with the webapp's interface.
Let's say for example that the hash value was set to the value of a text input after clicking a button.
Then the text input would be logged as vulnerable.
Cheers
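Added example, not part of the thread and not Arachni's own code: since the scanner has no input vector for the location hash, a static pass over a page's inline scripts can still flag places where `location.hash` reaches an HTML or JavaScript sink. The sink list, the helper names `findHashSinks` and `isTainted`, and the sample script are assumptions made for illustration, and the check goes slightly beyond the thread's snippet by following the hash through simple variable assignments.

```javascript
// Added example: line-based heuristic, not a JavaScript parser.
// The SINKS list and the SAMPLE script are constructed for illustration.
const SOURCE = /\b(?:window\.|document\.)?location\.hash\b/;
const SINKS = [
  { name: 'document.write', re: /\bdocument\.write(?:ln)?\s*\(([^;]*)\)/ },
  { name: 'innerHTML', re: /\.(?:inner|outer)HTML\s*\+?=\s*([^;]*)/ },
  { name: 'eval', re: /\beval\s*\(([^;]*)\)/ },
];
// Plain assignment to a bare identifier (not a property, not == or ===).
const ASSIGN = /(?<![.\w$])([A-Za-z_$][\w$]*)\s*\+?=(?!=)\s*([^;]+)/;

// True if expr reads location.hash or a variable already marked tainted.
function isTainted(expr, tainted) {
  if (SOURCE.test(expr)) return true;
  return [...tainted].some((v) => {
    const name = v.replace(/\$/g, '\\$&');
    return new RegExp(`(?<![.\\w$])${name}(?![\\w$])`).test(expr);
  });
}

// Returns [{ line, sink, code }] for each statement where hash data hits a sink.
function findHashSinks(script) {
  const tainted = new Set();
  const findings = [];
  script.split('\n').forEach((line, i) => {
    for (const stmt of line.split(';')) {
      const a = ASSIGN.exec(stmt);
      if (a && isTainted(a[2], tainted)) tainted.add(a[1]);
      for (const sink of SINKS) {
        const m = sink.re.exec(stmt);
        if (m && isTainted(m[1], tainted)) {
          findings.push({ line: i + 1, sink: sink.name, code: stmt.trim() });
        }
      }
    }
  });
  return findings;
}

const SAMPLE = [
  'document.write(location.hash.substring(1));', // snippet from the thread
  'var h = decodeURIComponent(location.hash.slice(1));',
  'out.innerHTML = "<b>" + h + "</b>";', // tainted variable reaches a sink
  'out.textContent = h;', // text-only assignment: not reported
  'document.write("static banner");', // sink without hash data: not reported
].join('\n');

for (const f of findHashSinks(SAMPLE)) {
  console.log(`line ${f.line}: location.hash reaches ${f.sink}: ${f.code}`);
}
```

A finding here is a lead for manual review rather than a confirmed issue; the heuristic does not follow function calls or property assignments.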
3 Posted by ShaunS on 25 May, 2016 08:51 PM
Hi Tasos,
Thanks for the quick response.
I added another page with a link to the xsstest.php which contained the location.hash:
Link to xss
The scanner was still unable to find the xss?
Support Staff 4 Posted by Tasos Laskos on 25 May, 2016 08:59 PM
For that case you'll need to specify a link template.
By default the system can only deal with hashes that look like:
Tasos Laskos closed this discussion on 03 Aug, 2016 02:27 PM.