Yesterday, I was testing some web app scanners with my Test Suite (this test suite aims to represent an actual common website: PHP, MySQL, CSS, JavaScript, AJAX) and what I really feared happened.
Most of them do not read the JavaScript and then... nothing.

I was only trying to catch the 14 possible SQL Injections, which are all behind an AJAX login system. The basic tools (like Grabber, for instance) don't have a login mechanism, but that's okay, the script names are in the JavaScript! A tool like Wapiti handles the cookies, but because it does not support the dynamic auth login, I cannot retrieve the cookies with its "getcookie.py" tool. I would have to create these cookies manually to bypass the login system...

Anyway... to make them feel better with the results I have to:

  • Remove the login system and display the pseudo-personal-bank-account information
  • Add the ability to switch dynamically between an AJAX and a non-AJAX application


Another point about the first results I can see... a tool like Paros allows you to perform lots of interesting actions because it's a proxy tool (you set it as a proxy in your browser, then it saves the actions you see; this is okay for AJAX etc.). But when I looked at the results (for the SQL Injection only), it seems that it simply tags each parameter with the SQL Injection vulnerability (even if the parameter is only used by its presence in the URL). I was a little bit confused about this...