04-19-2007
JavaScript is being executed on Clients' side, so the box itself is secure. Web servers are vulnerable to XSS (cros-site-scripting), but each application may be secured additionally. There's no trojan horse in JS, but successful exploit may lead the client to page with VB script or something like that.
8 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
Hi,
I have an array of data as below:
df = trx
df = xml
I would like to create a function which contains array inside it and the value is determined when the function is called as below:
function pass_or_fail
{
if } ]
then
echo " ${df} FAILED. Please check logs"
... (8 Replies)
Discussion started by: luna_soleil
8 Replies
2. Programming
Hi!
I am working on fedora..
trying to execute BSD4.4 client-server program which includes "unp.h" header file...
While executing make command, I got error like,
" expected " , " , " ; ",or ")" in connect_nonb file...ERROR 1 "
I tried to change mode of makefile but I can't get... (4 Replies)
Discussion started by: nisha_vaghela
4 Replies
3. UNIX for Dummies Questions & Answers
How does unix system administration, unix programming, unix network programming differ?
Please help. (0 Replies)
Discussion started by: thulasidharan2k
0 Replies
4. Homework & Coursework Questions
1. The problem statement, all variables and given/known data:
Prepare a report discussing from an administration and security perspective, role and function of a JavaScript within a UNIX network. You should illustrate your answer with practical examples. In particular attention should me paid to... (1 Reply)
Discussion started by: afdesignz
1 Replies
5. Shell Programming and Scripting
Hi
Need help...I have wrritten one code for html through shell scripting in that i am using java scripts to validate some condition and open the html page without clicking the button....
Code Details
echo "<script type="text/javascript">"
echo "function exec_refresh()"
echo "{"
... (4 Replies)
Discussion started by: l_gshankar24
4 Replies
6. Shell Programming and Scripting
I have a code like this
v_time=12:12:12
correctTimeFlag=$(echo $v_time|awk '{for(i=1;i<=NF;i++) if( $i ~ /::/){print i}}')
if
then
echo "correct"
fi
I need a equivalent function to replace the line
correctTimeFlag=$(echo $v_time|awk '{for(i=1;i<=NF;i++) if( $i ~... (3 Replies)
Discussion started by: swayam123
3 Replies
7. Shell Programming and Scripting
I want to navigate through a webpage and save that page in my system local automatically. How can I do that by using JavaScript in a Unix shell script. Any suggestions are welcome! (3 Replies)
Discussion started by: abhi3093
3 Replies
8. Web Development
Hi
I am new to JavaScript & haven't done much work with it, but have mainly experience with UNIX. I have a piece of code where I want to grep (excuse the UNIX language :D) for a id and get the number from that.
{
"time": 900,
"avail": 1,
"price": 0,
"datetime":... (8 Replies)
Discussion started by: simpsa27
8 Replies
LEARN ABOUT DEBIAN
wapiti
WAPITI(1) User Commands WAPITI(1)
NAME
wapiti - a web application vulnerability scanner.
SYNOPSIS
wapiti http://server.com/base/url/ [options]
DESCRIPTION
Wapiti allows you to audit the security of your web applications.
It performs "black-box" scans, i.e. it does not study the source code of the application but will scans the webpages of the deployed
webapp, looking for scripts and forms where it can inject data. Once it gets this list, Wapiti acts like a fuzzer, injecting payloads to
see if a script is vulnerable.
OPTIONS
-s, --start <url>
specify an url to start with.
-x, --exclude <url>
exclude an url from the scan (for example logout scripts) you can also use a wildcard (*):
Example : -x "http://server/base/?page=*&module=test" or -x "http://server/base/admin/*" to exclude a directory
-p, --proxy <url_proxy>
specify a proxy (-p http://proxy:port/)
-c, --cookie <cookie_file>
use a cookie
-t, --timeout <timeout>
set the timeout (in seconds)
-a, --auth <login%password>
set credentials (for HTTP authentication) doesn't work with Python 2.4
-r, --remove <parameter_name>
removes a parameter from URLs
-m, --module <module>
use a predefined set of scan/attack options:
GET_ALL: only use GET request (no POST)
GET_XSS: only XSS attacks with HTTP GET method
POST_XSS: only XSS attacks with HTTP POST method
-u, --underline
use color to highlight vulnerable parameters in output
-v, --verbose <level>
set the verbosity level:
0: quiet (default),
1: print each url,
2: print every attack
-h, --help
print help page
EFFICIENCY
Wapiti is developed in Python and use a library called lswww. This web spider library does the most of the work. Unfortunately, the html
parsers module within python only works with well formed html pages so lswww fails to extract information from bad-coded webpages. Tidy can
clean these webpages on the fly for us so lswww will give pretty good results. In order to make Wapiti far more efficient, you should:
apt-get install python-utidylib python-ctypes
AUTHOR
Copyright (C) 2006-2007 Nicolas Surribas <nicolas.surribas@gmail.com>
Manpage created by Thomas Blasing <thomasbl@pool.math.tu-berlin.de>
http://wapiti.sourceforge.net/ July 2007 WAPITI(1)