dradis-ntospider 3.18.0

@@ -0,0 +1,4 @@
+ evidence.web_site
+ evidence.vuln_url
+ evidence.normalized_url
+ evidence.vuln_param
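Review bot: the four evidence fields are listed with no indication of which sample-XML element each is read from, and `evidence.vuln_param` will carry the literal value `Unnamed` whenever the scanner could not name the parameter (as in the sample, where both `<VulnParam>` and `<ParameterName>` are `Unnamed`). A one-line comment per field naming its source element (`<WebSite>`, `<VulnUrl>`, `<NormalizedUrl>`, `<VulnParam>`) would make the mapping reviewable. `<Method>` is the one per-instance element in the sample with no entry here, even though the Issue field list exposes it as `vuln.vuln_method`; if the HTTP method is meant to live on the evidence rather than the issue, it belongs in this list.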
@@ -0,0 +1,200 @@
+ <Vuln>
+ <DbId>7B9CAABF300A49688F4D30FA423EDFB8</DbId>
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
+ <ScanName>hackthissite</ScanName>
+ <WebSite>http://www.hackthissite.org:80</WebSite>
+ <VulnType>Reflected Cross-site scripting (XSS)</VulnType>
+ <VulnUrl>http://www.hackthissite.org/</VulnUrl>
+ <NormalizedUrl>http://www.hackthissite.org/?</NormalizedUrl>
+ <MatchedString></MatchedString>
+ <NormalizedPostParams></NormalizedPostParams>
+ <VulnParam>Unnamed</VulnParam>
+ <ParameterName>Unnamed</ParameterName>
+ <HtmlEntityAttacked>Query-Parameters</HtmlEntityAttacked>
+ <AttackType>javascript after single quote</AttackType>
+ <AttackScore>3-Medium</AttackScore>
+ <AttackValue>';alert('x9lj3cup');//</AttackValue>
+ <Method>GET</Method>
+ <RootCauseId>9AEE038BB3477FE5A178FBA57C93FC76</RootCauseId>
+ <Description><![CDATA[<p>Reflected Cross-site Scripting (XSS) is another name for non-persistent XSS, where the attack doesn't load with the vulnerable web application but is originated by the victim loading the offending URI. In this article we will see some ways to test a web application for this kind of vulnerability.</p>]]></Description>
+ <Recommendation><![CDATA[
+
+ <p>Reflected XSS attacks are also known as type 1 or non-persistent XSS attacks, and are the most frequent type of XSS attacks found nowadays.</p>
+
+ <p>When a web application is vulnerable to this type of attack, it will pass unvalidated input sent through requests to the client. The common modus operandi of the attack includes a design step, in which the attacker creates and tests an offending URI, a social engineering step, in which she convinces her victims to load this URI on their browsers, and the eventual execution of the offending code - using the victim's credentials.</p>
+
+ <p>Commonly the attacker's code is written in the Javascript language, but other scripting languages are also used, e.g., ActionScript and VBScript.</p>
+
+ <p>Attackers typically leverage these vulnerabilities to install key loggers, steal victim cookies, perform clipboard theft, and change the content of the page (e.g., download links).</p>
+
+ <p>One of the important matters about exploiting XSS vulnerabilities is character encoding. In some cases, the web server or the web application may not be filtering some encodings of characters, so, for example, the web application might filter out "&lt;script&gt;", but might not filter "%3Cscript%3E" which simply includes another encoding of tags. A nice tool for testing character encodings is OWASP's CAL9000. </p>]]></Recommendation>
+ <Page>http://www.hackthissite.org/</Page>
+ <Url>http://www.hackthissite.org/</Url>
+ <VulnParamType>unknown</VulnParamType>
+ <CrawlTrafficTemplate>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</CrawlTrafficTemplate>
+ <AttackClass>Application Developer</AttackClass>
+ <CweId>79</CweId>
+ <CAPEC>80</CAPEC>
+ <DISSA_ASC>3580</DISSA_ASC>
+ <OWASP2007>1</OWASP2007>
+ <OWASP2010>2</OWASP2010>
+ <OWASP2013>3</OWASP2013>
+ <OVAL>6312</OVAL>
+ <WASC>0</WASC>
+ <ScanDate>2014-10-14 07:26:14</ScanDate>
+ <ScanEnd>2014-10-15 01:59:37</ScanEnd>
+ <DefenseBL>
+ <DbId>E00DA69EEFFE4556A2EA833A05174698</DbId>
+ <ParentDbId>7B9CAABF300A49688F4D30FA423EDFB8</ParentDbId>
+ <PcreRegex></PcreRegex>
+ <ModSecurity></ModSecurity>
+ <Snort></Snort>
+ <Imperva>cross-site-scripting</Imperva>
+ </DefenseBL>
+ <DefenseWL>
+ <DbId>ED59621943E9405B98ED9C3642011DBB</DbId>
+ <ParentDbId>7B9CAABF300A49688F4D30FA423EDFB8</ParentDbId>
+ <PcreRegex></PcreRegex>
+ <ModSecurity></ModSecurity>
+ <Snort></Snort>
+ <Imperva></Imperva>
+ </DefenseWL>
+ <AttackList>
+ <Attack>
+ <DbId>0FBEDA330DDC427CB8EFB550E5170614</DbId>
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
+ <AttackValue>'-alert(6759001)-'</AttackValue>
+ <AttackVulnUrl>http://www.hackthissite.org/</AttackVulnUrl>
+ <AttackPostParams></AttackPostParams>
+ <AttackMatchedString>6759001</AttackMatchedString>
+ <AttackRequestList>
+ <AttackRequest>
+ <DbId>E70A833E09944518999100DD31DCDEDF</DbId>
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
+ <Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
+ <Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
+ <Benign>0</Benign>
+ </AttackRequest>
+ </AttackRequestList>
+ </Attack>
+ <Attack>
+ <DbId>6B29EBB4F4094201B6541769C9D3BCFB</DbId>
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
+ <AttackValue>';alert('xhsysg0a');//</AttackValue>
+ <AttackVulnUrl>http://www.hackthissite.org/</AttackVulnUrl>
+ <AttackPostParams></AttackPostParams>
+ <AttackMatchedString>xhsysg0a</AttackMatchedString>
+ <AttackRequestList>
+ <AttackRequest>
+ <DbId>245EEA880FA748298BFDD11D286A2AA8</DbId>
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
+ <Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
+ <Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
+ <Benign>0</Benign>
+ </AttackRequest>
+ </AttackRequestList>
+ </Attack>
+ <Attack>
+ <DbId>208D71F46FC84F7A97A51A9D204936E8</DbId>
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
+ <AttackValue>'+alert(14357991)+'</AttackValue>
+ <AttackVulnUrl>http://www.hackthissite.org/</AttackVulnUrl>
+ <AttackPostParams></AttackPostParams>
+ <AttackMatchedString>14357991</AttackMatchedString>
+ <AttackRequestList>
+ <AttackRequest>
+ <DbId>656C78FC2C5A4E8E88805D70E85C03BB</DbId>
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
+ <Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
+ <Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
+ <Benign>0</Benign>
+ </AttackRequest>
+ </AttackRequestList>
+ </Attack>
+ <Attack>
+ <DbId>FF2039A5A33D4167B1BD5F10DBD78989</DbId>
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
+ <AttackValue><![CDATA[xhyk2ajq-pt"><script>alert(15009454)</script>]]></AttackValue>
+ <AttackVulnUrl>http://www.hackthissite.org/</AttackVulnUrl>
+ <AttackPostParams></AttackPostParams>
+ <AttackMatchedString>15009454</AttackMatchedString>
+ <AttackRequestList>
+ <AttackRequest>
+ <DbId>81362DB814024D8899B83D4A4FF7DE3A</DbId>
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
+ <Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
+ <Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
+ <Benign>0</Benign>
+ </AttackRequest>
+ </AttackRequestList>
+ </Attack>
+ <Attack>
+ <DbId>96A0331A38FF47AFA13C547518721E08</DbId>
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
+ <AttackValue><![CDATA[<img """><script>alert("x9khdxei")</script>">]]></AttackValue>
+ <AttackVulnUrl>http://www.hackthissite.org/</AttackVulnUrl>
+ <AttackPostParams></AttackPostParams>
+ <AttackMatchedString>x9khdxei</AttackMatchedString>
+ <AttackRequestList>
+ <AttackRequest>
+ <DbId>49A7844AA3884CE19078E68B4F12E04B</DbId>
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
+ <Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
+ <Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
+ <Benign>0</Benign>
+ </AttackRequest>
+ </AttackRequestList>
+ </Attack>
+ <Attack>
+ <DbId>23E5FDE97F5E42628FC74477F8513B8D</DbId>
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
+ <AttackValue>');alert('x9krdis7');//</AttackValue>
+ <AttackVulnUrl>http://www.hackthissite.org/</AttackVulnUrl>
+ <AttackPostParams></AttackPostParams>
+ <AttackMatchedString>x9krdis7</AttackMatchedString>
+ <AttackRequestList>
+ <AttackRequest>
+ <DbId>E982E7BCB4F64A56AC6AC1B8C697E284</DbId>
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
+ <Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
+ <Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
+ <Benign>0</Benign>
+ </AttackRequest>
+ </AttackRequestList>
+ </Attack>
+ <Attack>
+ <DbId>B87C5202F4A74BEBA06936F6BD186076</DbId>
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
+ <AttackValue>'-alert(15189768)-'</AttackValue>
+ <AttackVulnUrl>http://www.hackthissite.org/</AttackVulnUrl>
+ <AttackPostParams></AttackPostParams>
+ <AttackMatchedString>15189768</AttackMatchedString>
+ <AttackRequestList>
+ <AttackRequest>
+ <DbId>E3F212EBD7134B958D3EB7D4369FE1A9</DbId>
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
+ <Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
+ <Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
+ <Benign>0</Benign>
+ </AttackRequest>
+ </AttackRequestList>
+ </Attack>
+ <Attack>
+ <DbId>ED858AB85A2C46C9953BA5E86C412BEE</DbId>
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
+ <AttackValue>';alert('x9lj3cup');//</AttackValue>
+ <AttackVulnUrl>http://www.hackthissite.org/</AttackVulnUrl>
+ <AttackPostParams></AttackPostParams>
+ <AttackMatchedString>x9lj3cup</AttackMatchedString>
+ <AttackRequestList>
+ <AttackRequest>
+ <DbId>2F292FE91CD64B86B98B536D9BA66FE7</DbId>
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
+ <Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
+ <Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
+ <Benign>0</Benign>
+ </AttackRequest>
+ </AttackRequestList>
+ </Attack>
+ </AttackList>
+ </Vuln>
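Review bot: the `<Request>` bodies in this fixture need scrubbing before they ship. All sixteen `<Request>` elements carry the same base64 string, which decodes to the first attack's `GET /?'-alert(6759001)-' HTTP/1.1` request and includes a `Cookie: PHPSESSID=...` header captured from the live scan, so a real session identifier is being committed into the gem; replace the cookie value with a placeholder. Each `<AttackRequest>` also contains that identical `<Request>` twice, and the seven later `<Attack>` entries reuse the first attack's request rather than one matching their own `<AttackValue>`, so anything the importer derives from `<Request>` will be the same for all eight attacks. Finally, the `<Recommendation>` CDATA is background on how reflected XSS is exploited (ending with a pointer to CAL9000) rather than remediation guidance; if it is rendered under a 'Recommendation' heading, users will need to rewrite it.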
@@ -0,0 +1,11 @@
+ #[Title]#
+ %evidence.web_site%
+
+ #[URL]#
+ %evidence.vuln_url%
+
+ #[Normalized URL]#
+ %evidence.normalized_url%
+
+ #[Param]#
+ %evidence.vuln_param%
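Review bot: with `#[Title]#` set to `%evidence.web_site%`, every piece of evidence imported for a site gets the same title (`http://www.hackthissite.org:80` for the sample), so instances cannot be told apart in a list; the URL or the parameter is the distinguishing value, and `%evidence.vuln_url%` would make a more useful title. The template also has no `#[Method]#` section although the sample carries `<Method>GET</Method>` per finding; adding one means adding a matching entry to the evidence field list as well.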
@@ -0,0 +1,18 @@
+ vuln.attack_class
+ vuln.attack_score
+ vuln.attack_type
+ vuln.attack_value
+ vuln.capec
+ vuln.cwe_id
+ vuln.description
+ vuln.dissa_asc
+ vuln.normalized_url
+ vuln.oval
+ vuln.owasp2007
+ vuln.owasp2010
+ vuln.owasp2013
+ vuln.recommendation
+ vuln.vuln_method
+ vuln.vuln_param
+ vuln.vuln_type
+ vuln.vuln_url
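Review bot: `vuln.vuln_url`, `vuln.normalized_url` and `vuln.vuln_param` are per-instance values that the evidence field list already exposes; keeping them on the Issue means two findings of the same `<VulnType>` at different URLs cannot be merged into one Issue without losing data, so either drop them here or document that each Issue is keyed on `<DbId>` rather than on type. `vuln.attack_value` is ambiguous for the same reason: the sample has a top-level `<AttackValue>` plus one per `<Attack>`, and only one can populate a single field. `<WASC>` is the one classification element in the sample (value `0`) with no entry beside `vuln.cwe_id`, `vuln.capec`, `vuln.dissa_asc`, `vuln.oval` and the three OWASP years; if it was left out deliberately, a comment saying so would stop the next reader from filing it as a bug.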
@@ -0,0 +1,200 @@
+ <Vuln>
+ <DbId>7B9CAABF300A49688F4D30FA423EDFB8</DbId>
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
+ <ScanName>hackthissite</ScanName>
+ <WebSite>http://www.hackthissite.org:80</WebSite>
+ <VulnType>Reflected Cross-site scripting (XSS)</VulnType>
+ <VulnUrl>http://www.hackthissite.org/</VulnUrl>
+ <NormalizedUrl>http://www.hackthissite.org/?</NormalizedUrl>
+ <MatchedString></MatchedString>
+ <NormalizedPostParams></NormalizedPostParams>
+ <VulnParam>Unnamed</VulnParam>
+ <ParameterName>Unnamed</ParameterName>
+ <HtmlEntityAttacked>Query-Parameters</HtmlEntityAttacked>
+ <AttackType>javascript after single quote</AttackType>
+ <AttackScore>3-Medium</AttackScore>
+ <AttackValue>';alert('x9lj3cup');//</AttackValue>
+ <Method>GET</Method>
+ <RootCauseId>9AEE038BB3477FE5A178FBA57C93FC76</RootCauseId>
+ <Description><![CDATA[<p>Reflected Cross-site Scripting (XSS) is another name for non-persistent XSS, where the attack doesn't load with the vulnerable web application but is originated by the victim loading the offending URI. In this article we will see some ways to test a web application for this kind of vulnerability.</p>]]></Description>
+ <Recommendation><![CDATA[
+
+ <p>Reflected XSS attacks are also known as type 1 or non-persistent XSS attacks, and are the most frequent type of XSS attacks found nowadays.</p>
+
+ <p>When a web application is vulnerable to this type of attack, it will pass unvalidated input sent through requests to the client. The common modus operandi of the attack includes a design step, in which the attacker creates and tests an offending URI, a social engineering step, in which she convinces her victims to load this URI on their browsers, and the eventual execution of the offending code - using the victim's credentials.</p>
+
+ <p>Commonly the attacker's code is written in the Javascript language, but other scripting languages are also used, e.g., ActionScript and VBScript.</p>
+
+ <p>Attackers typically leverage these vulnerabilities to install key loggers, steal victim cookies, perform clipboard theft, and change the content of the page (e.g., download links).</p>
+
+ <p>One of the important matters about exploiting XSS vulnerabilities is character encoding. In some cases, the web server or the web application may not be filtering some encodings of characters, so, for example, the web application might filter out "&lt;script&gt;", but might not filter "%3Cscript%3E" which simply includes another encoding of tags. A nice tool for testing character encodings is OWASP's CAL9000. </p>]]></Recommendation>
+ <Page>http://www.hackthissite.org/</Page>
+ <Url>http://www.hackthissite.org/</Url>
+ <VulnParamType>unknown</VulnParamType>
+ <CrawlTrafficTemplate>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</CrawlTrafficTemplate>
+ <AttackClass>Application Developer</AttackClass>
+ <CweId>79</CweId>
+ <CAPEC>80</CAPEC>
+ <DISSA_ASC>3580</DISSA_ASC>
+ <OWASP2007>1</OWASP2007>
+ <OWASP2010>2</OWASP2010>
+ <OWASP2013>3</OWASP2013>
+ <OVAL>6312</OVAL>
+ <WASC>0</WASC>
+ <ScanDate>2014-10-14 07:26:14</ScanDate>
+ <ScanEnd>2014-10-15 01:59:37</ScanEnd>
+ <DefenseBL>
+ <DbId>E00DA69EEFFE4556A2EA833A05174698</DbId>
+ <ParentDbId>7B9CAABF300A49688F4D30FA423EDFB8</ParentDbId>
+ <PcreRegex></PcreRegex>
+ <ModSecurity></ModSecurity>
+ <Snort></Snort>
+ <Imperva>cross-site-scripting</Imperva>
+ </DefenseBL>
+ <DefenseWL>
+ <DbId>ED59621943E9405B98ED9C3642011DBB</DbId>
+ <ParentDbId>7B9CAABF300A49688F4D30FA423EDFB8</ParentDbId>
+ <PcreRegex></PcreRegex>
+ <ModSecurity></ModSecurity>
+ <Snort></Snort>
+ <Imperva></Imperva>
+ </DefenseWL>
+ <AttackList>
+ <Attack>
+ <DbId>0FBEDA330DDC427CB8EFB550E5170614</DbId>
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
+ <AttackValue>'-alert(6759001)-'</AttackValue>
+ <AttackVulnUrl>http://www.hackthissite.org/</AttackVulnUrl>
+ <AttackPostParams></AttackPostParams>
+ <AttackMatchedString>6759001</AttackMatchedString>
+ <AttackRequestList>
+ <AttackRequest>
+ <DbId>E70A833E09944518999100DD31DCDEDF</DbId>
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
+ <Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
+ <Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
+ <Benign>0</Benign>
+ </AttackRequest>
+ </AttackRequestList>
+ </Attack>
+ <Attack>
+ <DbId>6B29EBB4F4094201B6541769C9D3BCFB</DbId>
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
+ <AttackValue>';alert('xhsysg0a');//</AttackValue>
+ <AttackVulnUrl>http://www.hackthissite.org/</AttackVulnUrl>
+ <AttackPostParams></AttackPostParams>
+ <AttackMatchedString>xhsysg0a</AttackMatchedString>
+ <AttackRequestList>
+ <AttackRequest>
+ <DbId>245EEA880FA748298BFDD11D286A2AA8</DbId>
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
+ <Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
+ <Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
+ <Benign>0</Benign>
+ </AttackRequest>
+ </AttackRequestList>
+ </Attack>
+ <Attack>
+ <DbId>208D71F46FC84F7A97A51A9D204936E8</DbId>
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
+ <AttackValue>'+alert(14357991)+'</AttackValue>
+ <AttackVulnUrl>http://www.hackthissite.org/</AttackVulnUrl>
+ <AttackPostParams></AttackPostParams>
+ <AttackMatchedString>14357991</AttackMatchedString>
+ <AttackRequestList>
+ <AttackRequest>
+ <DbId>656C78FC2C5A4E8E88805D70E85C03BB</DbId>
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
+ <Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
+ <Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
+ <Benign>0</Benign>
+ </AttackRequest>
+ </AttackRequestList>
+ </Attack>
+ <Attack>
+ <DbId>FF2039A5A33D4167B1BD5F10DBD78989</DbId>
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
+ <AttackValue><![CDATA[xhyk2ajq-pt"><script>alert(15009454)</script>]]></AttackValue>
+ <AttackVulnUrl>http://www.hackthissite.org/</AttackVulnUrl>
+ <AttackPostParams></AttackPostParams>
+ <AttackMatchedString>15009454</AttackMatchedString>
+ <AttackRequestList>
+ <AttackRequest>
+ <DbId>81362DB814024D8899B83D4A4FF7DE3A</DbId>
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
+ <Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
+ <Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
+ <Benign>0</Benign>
+ </AttackRequest>
+ </AttackRequestList>
+ </Attack>
+ <Attack>
+ <DbId>96A0331A38FF47AFA13C547518721E08</DbId>
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
+ <AttackValue><![CDATA[<img """><script>alert("x9khdxei")</script>">]]></AttackValue>
+ <AttackVulnUrl>http://www.hackthissite.org/</AttackVulnUrl>
+ <AttackPostParams></AttackPostParams>
+ <AttackMatchedString>x9khdxei</AttackMatchedString>
+ <AttackRequestList>
+ <AttackRequest>
+ <DbId>49A7844AA3884CE19078E68B4F12E04B</DbId>
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
+ <Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
+ <Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
+ <Benign>0</Benign>
+ </AttackRequest>
+ </AttackRequestList>
+ </Attack>
+ <Attack>
+ <DbId>23E5FDE97F5E42628FC74477F8513B8D</DbId>
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
+ <AttackValue>');alert('x9krdis7');//</AttackValue>
+ <AttackVulnUrl>http://www.hackthissite.org/</AttackVulnUrl>
+ <AttackPostParams></AttackPostParams>
+ <AttackMatchedString>x9krdis7</AttackMatchedString>
+ <AttackRequestList>
+ <AttackRequest>
+ <DbId>E982E7BCB4F64A56AC6AC1B8C697E284</DbId>
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
+ <Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
+ <Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
+ <Benign>0</Benign>
+ </AttackRequest>
+ </AttackRequestList>
+ </Attack>
+ <Attack>
+ <DbId>B87C5202F4A74BEBA06936F6BD186076</DbId>
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
+ <AttackValue>'-alert(15189768)-'</AttackValue>
+ <AttackVulnUrl>http://www.hackthissite.org/</AttackVulnUrl>
+ <AttackPostParams></AttackPostParams>
+ <AttackMatchedString>15189768</AttackMatchedString>
+ <AttackRequestList>
+ <AttackRequest>
+ <DbId>E3F212EBD7134B958D3EB7D4369FE1A9</DbId>
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
+ <Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
+ <Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
+ <Benign>0</Benign>
+ </AttackRequest>
+ </AttackRequestList>
+ </Attack>
+ <Attack>
+ <DbId>ED858AB85A2C46C9953BA5E86C412BEE</DbId>
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
+ <AttackValue>';alert('x9lj3cup');//</AttackValue>
+ <AttackVulnUrl>http://www.hackthissite.org/</AttackVulnUrl>
+ <AttackPostParams></AttackPostParams>
+ <AttackMatchedString>x9lj3cup</AttackMatchedString>
+ <AttackRequestList>
+ <AttackRequest>
+ <DbId>2F292FE91CD64B86B98B536D9BA66FE7</DbId>
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
+ <Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
+ <Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
+ <Benign>0</Benign>
+ </AttackRequest>
+ </AttackRequestList>
+ </Attack>
+ </AttackList>
+ </Vuln>
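Review bot: this 200-line hunk is byte-for-byte identical to the earlier `<Vuln>` fixture, including the base64 `<Request>` blobs that embed a captured `Cookie: PHPSESSID=` header and the sixteen identical request bodies, so the same scrubbing applies here. If one copy is a spec fixture and the other a sample for the templates, keeping a single file and referencing it from both places avoids the two drifting apart after the cookie value is replaced in one of them.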
@@ -0,0 +1,44 @@
+ #[Title]#
+ %vuln.vuln_type%
+
+ #[Attack Class]#
+ %vuln.attack_class%
+
+ #[Attack Type]#
+ %vuln.attack_type%
+
+ #[Attack Score]#
+ %vuln.attack_score%
+
+ #[Attack Value]#
+ %vuln.attack_value%
+
+ #[Method]#
+ %vuln.vuln_method%
+
+ #[Description]#
+ %vuln.description%
+
+ #[Recommendation]#
+ %vuln.recommendation%
+
+ #[CweId]#
+ %vuln.cwe_id%
+
+ #[CAPEC]#
+ %vuln.capec%
+
+ #[DISSA_ASC]#
+ %vuln.dissa_asc%
+
+ #[OWASP2007]#
+ %vuln.owasp2007%
+
+ #[OWASP2010]#
+ %vuln.owasp2010%
+
+ #[OWASP2013]#
+ %vuln.owasp2013%
+
+ #[OVAL]#
+ %vuln.oval%
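Review bot: `%vuln.attack_value%`, `%vuln.description%` and `%vuln.recommendation%` are dropped into the Issue text with no escaping. In the sample, `<AttackValue>` holds raw HTML markup (the fifth `<Attack>` is an `<img ...><script>...</script>` payload) and the description and recommendation CDATA are `<p>` paragraphs, so unless the importer converts or escapes these before insertion, scanner payloads land as live markup in the Dradis note and in any HTML or Word report built from it. Wrap the attack value in a Textile code block (`bc.` or `@...@`) and confirm the HTML-to-Textile step for the two prose fields. The template also leaves out `vuln.vuln_url`, `vuln.normalized_url` and `vuln.vuln_param` even though the field list defines them, and has no `#[WASC]#` to match the sample's `<WASC>` element; either is fine, but the field list and the template should agree.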