Comments on: XSS Rays http://www.thespanner.co.uk/2009/03/25/xss-rays/ Javascript blog with messed up syntax inside Thu, 26 Jan 2012 01:38:34 +0000 hourly 1 By: Gareth Heyes http://www.thespanner.co.uk/2009/03/25/xss-rays/#comment-1850 Gareth Heyes Mon, 01 Nov 2010 10:38:39 +0000 http://www.thespanner.co.uk/?p=378#comment-1850 @jyoti @3p1C I plan to update the XSS Rays code and release a new version which will hopefully make it more user friendly. In the meantime try editing the XSS_Rays.js file to execute automatically @jyoti @3p1C

I plan to update the XSS Rays code and release a new version which will hopefully make it more user friendly. In the meantime try editing the XSS_Rays.js file to execute automatically

]]> By: jyoti bajoria http://www.thespanner.co.uk/2009/03/25/xss-rays/#comment-1849 jyoti bajoria Sun, 31 Oct 2010 06:40:19 +0000 http://www.thespanner.co.uk/?p=378#comment-1849 Hi , i tried to use this tool , but nt able to activate. Clicked on the link in my favourites also & then pressed the combination of keys also as mentioned. Help me in giving detailed steps to start this. Hi , i tried to use this tool , but nt able to activate. Clicked on the link in my favourites also & then pressed the combination of keys also as mentioned. Help me in giving detailed steps to start this.

]]> By: 3p1C http://www.thespanner.co.uk/2009/03/25/xss-rays/#comment-1841 3p1C Sun, 03 Oct 2010 07:53:59 +0000 http://www.thespanner.co.uk/?p=378#comment-1841 I can't scan something except on 127.0.0.1 despite I changed the xss_rays.js and bookmarklet.php files. When scan start is clicked nothing happens. I can’t scan something except on 127.0.0.1 despite I changed the xss_rays.js and bookmarklet.php files. When scan start is clicked nothing happens.

]]> By: Gareth Heyes http://www.thespanner.co.uk/2009/03/25/xss-rays/#comment-1667 Gareth Heyes Fri, 18 Dec 2009 10:04:15 +0000 http://www.thespanner.co.uk/?p=378#comment-1667 Working on a fix for this, there is a bug on firefox but the vectors are intentionally duplicated as there are path injections. A temporary workaround is either comment out the path injections or disable the path option in the vectors. I should have a fix soon when I get chance to look at the code. Working on a fix for this, there is a bug on firefox but the vectors are intentionally duplicated as there are path injections. A temporary workaround is either comment out the path injections or disable the path option in the vectors.

I should have a fix soon when I get chance to look at the code.

]]> By: mindsparc http://www.thespanner.co.uk/2009/03/25/xss-rays/#comment-1663 mindsparc Wed, 16 Dec 2009 11:40:10 +0000 http://www.thespanner.co.uk/?p=378#comment-1663 Can you please send the details for me too, it is not working for me Can you please send the details for me too,
it is not working for me

]]> By: jagstyle http://www.thespanner.co.uk/2009/03/25/xss-rays/#comment-1660 jagstyle Sat, 12 Dec 2009 01:44:32 +0000 http://www.thespanner.co.uk/?p=378#comment-1660 Firefox 3.5.5 I sent an email with full details. Hopefully it's helpful. Firefox 3.5.5

I sent an email with full details. Hopefully it’s helpful.

]]> By: Gareth Heyes http://www.thespanner.co.uk/2009/03/25/xss-rays/#comment-1658 Gareth Heyes Thu, 10 Dec 2009 18:32:36 +0000 http://www.thespanner.co.uk/?p=378#comment-1658 @jagstyle Please can you tell me which browser you are using? It could be a bug in the way it gets the path @jagstyle

Please can you tell me which browser you are using? It could be a bug in the way it gets the path

]]> By: jagstyle http://www.thespanner.co.uk/2009/03/25/xss-rays/#comment-1657 jagstyle Thu, 10 Dec 2009 17:17:14 +0000 http://www.thespanner.co.uk/?p=378#comment-1657 without it my test hangs at that point with the linkStatus field displaying "url: undefined" without it my test hangs at that point with the linkStatus field displaying “url: undefined”

]]> By: Gareth Heyes http://www.thespanner.co.uk/2009/03/25/xss-rays/#comment-1656 Gareth Heyes Thu, 10 Dec 2009 07:08:19 +0000 http://www.thespanner.co.uk/?p=378#comment-1656 @jagstyle Nope this is intentional, I scan the path name of the url @jagstyle

Nope this is intentional, I scan the path name of the url

]]> By: jagstyle http://www.thespanner.co.uk/2009/03/25/xss-rays/#comment-1652 jagstyle Wed, 09 Dec 2009 21:39:58 +0000 http://www.thespanner.co.uk/?p=378#comment-1652 isnt the xss function call on Line 175 (scanLinks function) of XSS_RAYS.js missing the href parameter? observed: this.xss({pathname:location.pathname,search:location.search, type: 'url'});//scan originating url expected: this.xss({href:location.href,pathname:location.pathname,search:location.search, type: 'url'});//scan originating url isnt the xss function call on Line 175 (scanLinks function) of XSS_RAYS.js missing the href parameter?

observed:
this.xss({pathname:location.pathname,search:location.search, type: ‘url’});//scan originating url

expected:
this.xss({href:location.href,pathname:location.pathname,search:location.search, type: ‘url’});//scan originating url

]]>