
xss issue was missed. #899

Open
bgerardw opened this issue Jul 6, 2017 · 5 comments

@bgerardw

bgerardw commented Jul 6, 2017

I was looking at a site that an alternative scanner had found an XSS issue on. It was not a false positive.

Arachni, however, missed it.

The vulnerability is on a pair of select boxes. On selecting one of them a call is made to the server and this call is vulnerable. The injection vector is `<script>alert(123)</script>`

Could it be that Arachni does not check select boxes for some reason? They are not inside form tags.

@Zapotek
Member

Zapotek commented Jul 6, 2017

I'll need a reproducible case to see what's going on, any chance that I can be given access to the webapp?

@bgerardw
Author

bgerardw commented Jul 6, 2017

Really sorry but I cannot do that. I will see if I can get you more info or replicate it. After the Arachni scan is done the site map does not have the destination in it. The destination folder is in wp-includes as it is a WordPress site.

@bgerardw
Author

bgerardw commented Jul 6, 2017

A correction: they are divs with a class called 'select box', not the tag.

@bgerardw
Author

I went back to look at this when I was not tired. They are tags. The vulnerable URL is called by jQuery on change of the options. The select tags are not between form tags, so I am guessing that in auditing the page Arachni does not have a path extractor for anything like this?

@Zapotek
Member

Zapotek commented Jul 11, 2017

This goes past path extractors, it has to do with how the DOM is manipulated, although without a test case I can't know what's going on.

If you have some Ruby experience, creating a simple Sinatra webapp that reproduces this issue would be most helpful.
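The following is an added example, not code from the issue or from the Arachni project: a minimal reproduction of the pattern the reporter describes, in the Sinatra style the maintainer asks for. Two `<select>` elements sit outside any `<form>`, a jQuery `change` handler issues a GET with the selected values, and the server reflects those values into HTML. The endpoint path `/wp-includes/lookup`, the parameter names `make` and `model`, and the option values are assumptions (the issue only says the destination lives under wp-includes). The reflecting handler is shown beside a hardened version that HTML-escapes the parameters with `ERB::Util.html_escape`, so the same test page can be served in either mode.

```ruby
# select_xss_repro.rb -- added example, not Arachni or the reporter's code.
# Reproduces the shape of the issue: select boxes outside a form, a jQuery
# change handler that calls an endpoint, and a handler that reflects input.
require 'erb'

# Page as served. There is deliberately no <form>: a crawler that only
# extracts form inputs and href/src links will never see the endpoint that
# the change handler requests. The path and parameter names are assumed.
PAGE_HTML = <<~HTML
  <!doctype html>
  <html><head>
    <script src="https://code.jquery.com/jquery-3.6.0.min.js"></script>
  </head><body>
    <select id="make"><option value="a">A</option><option value="b">B</option></select>
    <select id="model"><option value="x">X</option><option value="y">Y</option></select>
    <div id="result"></div>
    <script>
      // Fires only on a DOM event, so the request is invisible to static extraction.
      $('#make, #model').on('change', function () {
        $.get('/wp-includes/lookup',
              { make: $('#make').val(), model: $('#model').val() },
              function (html) { $('#result').html(html); });
      });
    </script>
  </body></html>
HTML

# Vulnerable handler: reflects the query parameters into HTML unescaped,
# which is the behaviour the issue reports (reflected XSS).
def lookup_vulnerable(params)
  "<p>Results for #{params['make']} / #{params['model']}</p>"
end

# Hardened handler: every untrusted value is HTML-escaped before it is
# placed in markup, so '<' and '>' reach the browser as entities.
def lookup_safe(params)
  make  = ERB::Util.html_escape(params['make'].to_s)
  model = ERB::Util.html_escape(params['model'].to_s)
  "<p>Results for #{make} / #{model}</p>"
end

# Scanner-style check: is the payload present verbatim in the response body?
def reflects_unescaped?(body, payload)
  body.include?(payload)
end

# The vector quoted in the issue.
PAYLOAD = '<script>alert(123)</script>'

# Only start Sinatra when explicitly asked; the functions above are usable
# (and testable) without the gem. Run with:
#   gem install sinatra puma
#   RUN_SERVER=1 ruby select_xss_repro.rb            # vulnerable mode
#   RUN_SERVER=1 HARDENED=1 ruby select_xss_repro.rb # escaped mode
if ENV['RUN_SERVER']
  require 'sinatra/base'

  class SelectXssApp < Sinatra::Base
    get('/') { PAGE_HTML }
    get('/wp-includes/lookup') do
      ENV['HARDENED'] ? lookup_safe(params) : lookup_vulnerable(params)
    end
  end

  SelectXssApp.run!(port: 4567)
end
```

Pointing a scanner at `http://localhost:4567/` in vulnerable mode gives a concrete case to trace: the endpoint is only reachable by firing the `change` event in a browser-driven audit, and the finding should disappear when the server is restarted with `HARDENED=1`.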

@Zapotek Zapotek self-assigned this Jul 11, 2017
@Zapotek Zapotek added the Bug label Jul 11, 2017