Comments on: XSS Rays

By: Gareth Heyes

Gareth Heyes — Fri, 18 Dec 2009 10:04:15 +0000

Working on a fix for this, there is a bug on firefox but the vectors are intentionally duplicated as there are path injections. A temporary workaround is either comment out the path injections or disable the path option in the vectors.

I should have a fix soon when I get chance to look at the code.

By: mindsparc

mindsparc — Wed, 16 Dec 2009 11:40:10 +0000

Can you please send the details for me too,
it is not working for me

By: jagstyle

jagstyle — Sat, 12 Dec 2009 01:44:32 +0000

Firefox 3.5.5

I sent an email with full details. Hopefully it’s helpful.

By: Gareth Heyes

Gareth Heyes — Thu, 10 Dec 2009 18:32:36 +0000

@jagstyle

Please can you tell me which browser you are using? It could be a bug in the way it gets the path

By: jagstyle

jagstyle — Thu, 10 Dec 2009 17:17:14 +0000

without it my test hangs at that point with the linkStatus field displaying “url: undefined”

By: Gareth Heyes

Gareth Heyes — Thu, 10 Dec 2009 07:08:19 +0000

@jagstyle

Nope this is intentional, I scan the path name of the url

By: jagstyle

jagstyle — Wed, 09 Dec 2009 21:39:58 +0000

isnt the xss function call on Line 175 (scanLinks function) of XSS_RAYS.js missing the href parameter?

observed:
this.xss({pathname:location.pathname,search:location.search, type: ‘url’});//scan originating url

expected:
this.xss({href:location.href,pathname:location.pathname,search:location.search, type: ‘url’});//scan originating url

By: HTD

HTD — Thu, 17 Sep 2009 18:56:30 +0000

Hi,

i liked your article very much,
and i would also like to point out another article on this blog ->
XSS Phishing

Thanks

By: Gareth Heyes

Gareth Heyes — Mon, 30 Mar 2009 08:18:40 +0000

Latest version is now 0.5.5

By: Balaji D Loganathan

Balaji D Loganathan — Sat, 28 Mar 2009 18:01:25 +0000

so nice.