You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I was looking at a site that and alternative scanner had found an xss issue on. It was not a false positive.
Arachni, however, missed it.
The vulnerability is on a pair of select boxes. On selecting one of them a call is made on the server and this call is vulnerable. the injection vector is <script>alert(123)</script>
Could it be that Arachni does not check select boxes for some reason? They are not inside form tags.
The text was updated successfully, but these errors were encountered:
Really sorry but can not do that. I will see if I can get you more info or replicate it. After the Arachni scan is done the site map does not have the destination in it. The destination folder is in wp-includes as it is a WordPress site.
I went back to look at this when I was not tired. They are tags. The vulnerable url is called by jquery on change of the options.
The select tags are not between form tags so I am guessing that in auditing the page Arachni does not have a path extractor for anything like this?
I was looking at a site that and alternative scanner had found an xss issue on. It was not a false positive.
Arachni, however, missed it.
The vulnerability is on a pair of select boxes. On selecting one of them a call is made on the server and this call is vulnerable. the injection vector is <script>alert(123)</script>
Could it be that Arachni does not check select boxes for some reason? They are not inside form tags.
The text was updated successfully, but these errors were encountered: