w3af-svn-notify Mailing List for w3af (Page 47)
Status: Beta
Brought to you by:
andresriancho
From: Taras <ox...@ox...> - 2012-08-04 20:04:40
Andres,

> Regarding the js_event_handlers list, is there any reason for
> excluding the ones defined in html5?

We will add them all :)

--
Taras
http://oxdef.info
GPG: C8D1F510

From: Taras <ox...@ox...> - 2012-08-04 19:58:57
Andres,

It is all right with this test because __VIEWSTATE is used here only as CSRF token (not as vulnerable parameter). We already pass it.

> There is a test in WAVSEP that I think we won't be able to pass
> because of a performance improvement that w3af has:
>
> ('Case32-Tag2HtmlPageScopeValidViewstateRequired.jsp', 'userinput',
> ['userinput', '__VIEWSTATE']),
>
> If this means that w3af should find XSS vuln in __VIEWSTATE, I think
> it won't be possible because in fuzzer.py we have IGNORED_PARAMETERS
> that contains it.
>
> Of course we could change that... but I don't think it will make much
> sense. Just wanted to let you know beforehand so you know what's going
> on when that test is not passed.
>
> Regards,
>
> On 08/04/2012 10:16 AM, ox...@us... wrote:
>> Revision: 5502
>> http://w3af.svn.sourceforge.net/w3af/?rev=5502&view=rev
>> Author: oxdef
>> Date: 2012-08-04 13:16:16 +0000 (Sat, 04 Aug 2012)
>>
>> Log Message:
>> -----------
>> Fixed tests
>>
>> Modified Paths:
>> --------------
>> branches/xss/plugins/tests/audit/test_xss.py
>
> --
> Andrés Riancho
> Project Leader at w3af - http://w3af.org/
> Web Application Attack and Audit Framework
> Twitter: @w3af
> GPG: 0x93C344F3

--
Taras
http://oxdef.info
GPG: C8D1F510

From: Andres R. <and...@gm...> - 2012-08-04 15:21:39
Taras,

Regarding the js_event_handlers list, is there any reason for excluding the ones defined in html5?

Regards,

On 08/04/2012 07:19 AM, ox...@us... wrote:
> Revision: 5498
> http://w3af.svn.sourceforge.net/w3af/?rev=5498&view=rev
> Author: oxdef
> Date: 2012-08-04 10:19:59 +0000 (Sat, 04 Aug 2012)
>
> Log Message:
> -----------
> Added JS events
>
> Modified Paths:
> --------------
> branches/xss/core/data/context/context.py

--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3

From: Andres R. <and...@gm...> - 2012-08-04 15:19:30
Taras,

There is a test in WAVSEP that I think we won't be able to pass because of a performance improvement that w3af has:

('Case32-Tag2HtmlPageScopeValidViewstateRequired.jsp', 'userinput', ['userinput', '__VIEWSTATE']),

If this means that w3af should find XSS vuln in __VIEWSTATE, I think it won't be possible because in fuzzer.py we have IGNORED_PARAMETERS that contains it.

Of course we could change that... but I don't think it will make much sense. Just wanted to let you know beforehand so you know what's going on when that test is not passed.

Regards,

On 08/04/2012 10:16 AM, ox...@us... wrote:
> Revision: 5502
> http://w3af.svn.sourceforge.net/w3af/?rev=5502&view=rev
> Author: oxdef
> Date: 2012-08-04 13:16:16 +0000 (Sat, 04 Aug 2012)
>
> Log Message:
> -----------
> Fixed tests
>
> Modified Paths:
> --------------
> branches/xss/plugins/tests/audit/test_xss.py

--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3

From: <ox...@us...> - 2012-08-04 13:16:22
Revision: 5502
http://w3af.svn.sourceforge.net/w3af/?rev=5502&view=rev
Author: oxdef
Date: 2012-08-04 13:16:16 +0000 (Sat, 04 Aug 2012)

Log Message:
-----------
Fixed tests

Modified Paths:
--------------
branches/xss/plugins/tests/audit/test_xss.py

This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.

From: <ox...@us...> - 2012-08-04 13:01:57
Revision: 5501
http://w3af.svn.sourceforge.net/w3af/?rev=5501&view=rev
Author: oxdef
Date: 2012-08-04 13:01:51 +0000 (Sat, 04 Aug 2012)

Log Message:
-----------
Added backticks

Modified Paths:
--------------
branches/xss/plugins/audit/xss.py

From: <ox...@us...> - 2012-08-04 12:38:47
Revision: 5500
http://w3af.svn.sourceforge.net/w3af/?rev=5500&view=rev
Author: oxdef
Date: 2012-08-04 12:38:41 +0000 (Sat, 04 Aug 2012)

Log Message:
-----------
Added support for:
1. attr values without quotes
2. attr values quoted by backticks

Modified Paths:
--------------
branches/xss/core/data/context/context.py

From: <ox...@us...> - 2012-08-04 10:20:54
Revision: 5499
http://w3af.svn.sourceforge.net/w3af/?rev=5499&view=rev
Author: oxdef
Date: 2012-08-04 10:20:48 +0000 (Sat, 04 Aug 2012)

Log Message:
-----------
Added wavsep tests for GET XSSs

Modified Paths:
--------------
branches/xss/plugins/tests/audit/test_xss.py

From: <ox...@us...> - 2012-08-04 10:20:05
Revision: 5498
http://w3af.svn.sourceforge.net/w3af/?rev=5498&view=rev
Author: oxdef
Date: 2012-08-04 10:19:59 +0000 (Sat, 04 Aug 2012)

Log Message:
-----------
Added JS events

Modified Paths:
--------------
branches/xss/core/data/context/context.py

From: <and...@us...> - 2012-08-03 15:59:34
Revision: 5497
http://w3af.svn.sourceforge.net/w3af/?rev=5497&view=rev
Author: andresriancho
Date: 2012-08-03 15:59:28 +0000 (Fri, 03 Aug 2012)

Log Message:
-----------
Better outdated profile error handling that should reduce user annoyances and questions during updates.

Modified Paths:
--------------
branches/threading2/core/controllers/coreHelpers/profiles.py
branches/threading2/core/data/profile/profile.py
branches/threading2/core/ui/consoleUi/profiles.py
branches/threading2/core/ui/consoleUi/tests/test_consoleui.py
branches/threading2/core/ui/gtkUi/profiles.py

From: <and...@us...> - 2012-08-03 15:55:42
Revision: 5496
http://w3af.svn.sourceforge.net/w3af/?rev=5496&view=rev
Author: andresriancho
Date: 2012-08-03 15:55:33 +0000 (Fri, 03 Aug 2012)

Log Message:
-----------
Cosmetic

Modified Paths:
--------------
branches/threading2/core/controllers/miscSettings.py

From: <sv...@us...> - 2012-08-03 10:15:18
Revision: 5495
http://w3af.svn.sourceforge.net/w3af/?rev=5495&view=rev
Author: svetleo
Date: 2012-08-03 10:15:08 +0000 (Fri, 03 Aug 2012)

Log Message:
-----------
changed translation

Modified Paths:
--------------
extras/w3af_webui/trunk/src/w3af_webui/locale/ru/LC_MESSAGES/django.mo
extras/w3af_webui/trunk/src/w3af_webui/locale/ru/LC_MESSAGES/django.po
extras/w3af_webui/trunk/src/w3af_webui/templates/admin/w3af_webui/vulnerabilities.html
extras/w3af_webui/trunk/src/w3af_webui/views.py

From: <and...@us...> - 2012-08-02 17:47:26
Revision: 5494
http://w3af.svn.sourceforge.net/w3af/?rev=5494&view=rev
Author: andresriancho
Date: 2012-08-02 17:47:20 +0000 (Thu, 02 Aug 2012)

Log Message:
-----------
Might come in useful in the future. Used to change the names of all plugins from camelCase to underscore_separated

Added Paths:
-----------
extras/misc/w3af_wide_search_replace.py

From: <and...@us...> - 2012-08-02 17:19:14
Revision: 5493
http://w3af.svn.sourceforge.net/w3af/?rev=5493&view=rev
Author: andresriancho
Date: 2012-08-02 17:19:08 +0000 (Thu, 02 Aug 2012)

Log Message:
-----------
Removed the generic "xpath" payload

Modified Paths:
--------------
branches/threading2/plugins/audit/xpath.py

From: <and...@us...> - 2012-08-02 17:14:07
Revision: 5492
http://w3af.svn.sourceforge.net/w3af/?rev=5492&view=rev
Author: andresriancho
Date: 2012-08-02 17:14:01 +0000 (Thu, 02 Aug 2012)

Log Message:
-----------
Adding test case for demo.testfire.net login

Modified Paths:
--------------
branches/threading2/plugins/tests/auth/test_generic.py

From: <and...@us...> - 2012-08-02 16:56:55
Revision: 5491
http://w3af.svn.sourceforge.net/w3af/?rev=5491&view=rev
Author: andresriancho
Date: 2012-08-02 16:56:49 +0000 (Thu, 02 Aug 2012)

Log Message:
-----------
Cosmetic

Modified Paths:
--------------
branches/threading2/core/data/dc/form.py

From: <and...@us...> - 2012-08-02 13:14:00
Revision: 5490
http://w3af.svn.sourceforge.net/w3af/?rev=5490&view=rev
Author: andresriancho
Date: 2012-08-02 13:13:49 +0000 (Thu, 02 Aug 2012)

Log Message:
-----------
* Improved archive_dot_org to use threads during crawling
* Better unittesting
* Remove script

Modified Paths:
--------------
branches/threading2/plugins/discovery/archive_dot_org.py

Added Paths:
-----------
branches/threading2/plugins/tests/discovery/test_archive_dot_org.py

Removed Paths:
-------------
branches/threading2/scripts/script-archive_dot_org.w3af

From: <and...@us...> - 2012-08-02 13:12:58
Revision: 5489
http://w3af.svn.sourceforge.net/w3af/?rev=5489&view=rev
Author: andresriancho
Date: 2012-08-02 13:12:49 +0000 (Thu, 02 Aug 2012)

Log Message:
-----------
Better error message

Modified Paths:
--------------
branches/threading2/core/data/url/httpResponse.py

From: <and...@us...> - 2012-08-02 02:08:49
Revision: 5488
http://w3af.svn.sourceforge.net/w3af/?rev=5488&view=rev
Author: andresriancho
Date: 2012-08-02 02:08:43 +0000 (Thu, 02 Aug 2012)

Log Message:
-----------
A working archive_dot_org plugin! Possibly after years of not working.

Modified Paths:
--------------
branches/threading2/plugins/discovery/archive_dot_org.py

From: <and...@us...> - 2012-08-02 02:08:09
Revision: 5487
http://w3af.svn.sourceforge.net/w3af/?rev=5487&view=rev
Author: andresriancho
Date: 2012-08-02 02:08:03 +0000 (Thu, 02 Aug 2012)

Log Message:
-----------
Cosmetic

Modified Paths:
--------------
branches/threading2/plugins/tests/discovery/test_digit_sum.py

From: <and...@us...> - 2012-08-02 00:14:07
Revision: 5486
http://w3af.svn.sourceforge.net/w3af/?rev=5486&view=rev
Author: andresriancho
Date: 2012-08-02 00:14:01 +0000 (Thu, 02 Aug 2012)

Log Message:
-----------
Moved responsibility of reporting what is being tested to the strategy.

Modified Paths:
--------------
branches/threading2/core/controllers/coreHelpers/strategy.py
branches/threading2/plugins/discovery/archive_dot_org.py
branches/threading2/plugins/discovery/slash.py
branches/threading2/plugins/discovery/url_fuzzer.py
branches/threading2/plugins/discovery/user_dir.py
branches/threading2/plugins/discovery/web_diff.py
branches/threading2/plugins/discovery/web_spider.py

From: <and...@us...> - 2012-08-01 23:20:11
Revision: 5485
http://w3af.svn.sourceforge.net/w3af/?rev=5485&view=rev
Author: andresriancho
Date: 2012-08-01 23:20:05 +0000 (Wed, 01 Aug 2012)

Log Message:
-----------
* Fixed unittest
* Fixed bug in plugin

Modified Paths:
--------------
branches/threading2/plugins/discovery/digit_sum.py
branches/threading2/plugins/tests/discovery/test_digit_sum.py

From: <and...@us...> - 2012-08-01 19:53:09
Revision: 5484
http://w3af.svn.sourceforge.net/w3af/?rev=5484&view=rev
Author: andresriancho
Date: 2012-08-01 19:53:03 +0000 (Wed, 01 Aug 2012)

Log Message:
-----------
plugin name change -> unittest changes -> php script location changes

Added Paths:
-----------
extras/testEnv/webroot/moth/w3af/discovery/digit_sum/

Removed Paths:
-------------
extras/testEnv/webroot/moth/w3af/discovery/digitSum/

From: <and...@us...> - 2012-08-01 19:50:52
Revision: 5483
http://w3af.svn.sourceforge.net/w3af/?rev=5483&view=rev
Author: andresriancho
Date: 2012-08-01 19:50:47 +0000 (Wed, 01 Aug 2012)

Log Message:
-----------
Cosmetic

Modified Paths:
--------------
branches/threading2/plugins/tests/discovery/test_spider_man.py

From: <and...@us...> - 2012-08-01 19:50:33
Revision: 5482
http://w3af.svn.sourceforge.net/w3af/?rev=5482&view=rev
Author: andresriancho
Date: 2012-08-01 19:50:27 +0000 (Wed, 01 Aug 2012)

Log Message:
-----------
Added an id to http response objects because they were required by the click_jacking plugin to work.

Modified Paths:
--------------
branches/threading2/plugins/tests/grep/test_all.py