How to execute JS events such as 'onclick'

FromJpn

29 Mar, 2017 06:00 AM

Hi there,

It seems that JS events such as button 'onclick' are not executed during the scan.
In my case, some critical Ajax calls are triggered from 'onclick' events.
Is it possible to execute them? Do I need to do some settings for that?

  1. Support Staff 1 Posted by Tasos Laskos on 29 Mar, 2017 09:40 AM

    It should be executed, this sounds like a bug. Any chance I can have access to the webapp to see what's going on?

  2. 2 Posted by fromJpn on 29 Mar, 2017 01:08 PM

    Here is a very simple screen, a button click will return a value with ajax-call and show it on the screen.
    My tests show that ajax-call is not executed.

    https://check.e-school.jp/arachnitest.php

  3. Support Staff 3 Posted by Tasos Laskos on 29 Mar, 2017 03:01 PM

    Are you sure? It seems to be working fine for me:

    ./bin/arachni https://check.e-school.jp/arachnitest.php --checks=sql_injection
    

    The button is clicked and all AJAX POST parameters are extracted and audited.

  4. Tasos Laskos closed this discussion on 12 May, 2017 12:42 PM.
