Issues are reported only for first URL from list of URLs
I am currently using --scope-restrict-paths with my file containing 5 URLs like:
http://test.com/Users/getUserDetails?groupName=x&domain=x
http://test.com/Groups/getGroupDetails?groupName=x&domain=x
http://test.com/Groups/getMembershipDetails?domain=x&forGroup=x...
http://test.com/Users/getAuditsForUser?domain=x&forUser=x&p...
http://test.com/Groups/getAuditsForGroup?domain=x&forUser=x&...
Interestingly, the issues are reported only for the first URL in the list, although it exists in all URLs. If I change the order, it again reports for the top one. Am I missing something? My command line invocation is like:
./arachni http://test.com --output-debug 4 --scope-restrict-paths urlList.txt --checks "*xss*"
-Thanks
Support Staff 1 Posted by Tasos Laskos on 27 Jul, 2016 12:37 PM
This shouldn't be happening, any chance I can get access to that site to try and reproduce the issue?
2 Posted by Varun on 27 Jul, 2016 12:50 PM
Thanks for a quick response.
Unfortunately, this is an internal application so I cannot give you access. I updated my file to only two URLs and ran two invocations with different order of URLs.
First invocation
When I change the order without any change in command invocation, I get the following result
Support Staff 3 Posted by Tasos Laskos on 27 Jul, 2016 02:33 PM
I think I fixed the bug, I'm updating the nightlies so you can test them.
4 Posted by Varun on 27 Jul, 2016 05:50 PM
Thanks Tasos.
It works fine with nightlies. Great!!
Support Staff 5 Posted by Tasos Laskos on 27 Jul, 2016 05:51 PM
Forgot to let you know they were up, but glad to know they fixed the issue.
Thanks for the feedback.
Tasos Laskos closed this discussion on 27 Jul, 2016 05:51 PM.