LinuxSecurity.com: It was discovered that Python Paste did not properly sanitize certainstrings, resulting in cross-site scripting (XSS) vulnerabilities. Withcross-site scripting vulnerabilities, if a user were tricked into viewingserver output during a crafted server request, a remote attacker couldexploit this to modify the contents, or steal confidential data, within [More...]
Hello,
I hope this means something to someone. I have an odd problem that just started happening recently. I am not the system admin, so I don't have full info on any changes to the system lately. Except that I did upgrade OpenSSL to version 1.0.1.c from 1.0.0j.
Anyway, I am trying to... (4 Replies)
WAPITI(1) User Commands WAPITI(1)NAME
wapiti - a web application vulnerability scanner.
SYNOPSIS
wapiti http://server.com/base/url/ [options]
DESCRIPTION
Wapiti allows you to audit the security of your web applications.
It performs "black-box" scans, i.e. it does not study the source code of the application but will scans the webpages of the deployed
webapp, looking for scripts and forms where it can inject data. Once it gets this list, Wapiti acts like a fuzzer, injecting payloads to
see if a script is vulnerable.
OPTIONS -s, --start <url>
specify an url to start with.
-x, --exclude <url>
exclude an url from the scan (for example logout scripts) you can also use a wildcard (*):
Example : -x "http://server/base/?page=*&module=test" or -x "http://server/base/admin/*" to exclude a directory
-p, --proxy <url_proxy>
specify a proxy (-p http://proxy:port/)
-c, --cookie <cookie_file>
use a cookie
-t, --timeout <timeout>
set the timeout (in seconds)
-a, --auth <login%password>
set credentials (for HTTP authentication) doesn't work with Python 2.4
-r, --remove <parameter_name>
removes a parameter from URLs
-m, --module <module>
use a predefined set of scan/attack options:
GET_ALL: only use GET request (no POST)
GET_XSS: only XSS attacks with HTTP GET method
POST_XSS: only XSS attacks with HTTP POST method
-u, --underline
use color to highlight vulnerable parameters in output
-v, --verbose <level>
set the verbosity level:
0: quiet (default),
1: print each url,
2: print every attack
-h, --help
print help page
EFFICIENCY
Wapiti is developed in Python and use a library called lswww. This web spider library does the most of the work. Unfortunately, the html
parsers module within python only works with well formed html pages so lswww fails to extract information from bad-coded webpages. Tidy can
clean these webpages on the fly for us so lswww will give pretty good results. In order to make Wapiti far more efficient, you should:
apt-get install python-utidylib python-ctypes
AUTHOR
Copyright (C) 2006-2007 Nicolas Surribas <nicolas.surribas@gmail.com>
Manpage created by Thomas Blasing <thomasbl@pool.math.tu-berlin.de>
http://wapiti.sourceforge.net/ July 2007 WAPITI(1)