Penetration Testing mailing list archives

Re: Web Application Scanners Comparison


From: Derek Fountain <derekfountain () yahoo co uk>
Date: Wed, 28 Jan 2009 14:06:13 +0000

anantasec wrote:
> I've tested 13 web applications (some of them containing a lot of
> vulnerabilities), 3 demo applications provided by the vendors
> (testphp.acunetix.com, demo.testfire.net, zero.webappsecurity.com) and
> I've done some tests to verify Javascript execution capabilities.

You've labelled this piece of Javascript:

<script>
  // simple
  document.location = '/test_JS_1';
</script>

as "A valid vulnerability was reported" by each of the 3 contenders. 5 points each.

I must be missing something. Where's the vulnerability?


