webvulscan's Introduction

WebVulScan

Synopsis

WebVulScan is a web application vulnerability scanner. It is a web application itself written in PHP and can be used to test remote, or local, web applications for security vulnerabilities. As a scan is running, details of the scan are dynamically updated to the user. These details include the status of the scan, the number of URLs found on the web application, the number of vulnerabilities found and details of the vulnerabilities found.

After a scan is complete, a detailed PDF report is emailed to the user. The report includes descriptions of the vulnerabilities found, recommendations and details of where and how each vulnerability was exploited.

The vulnerabilities tested by WebVulScan are:

  • Reflected Cross-Site Scripting
  • Stored Cross-Site Scripting
  • Standard SQL Injection
  • Broken Authentication using SQL Injection
  • Autocomplete Enabled on Password Fields
  • Potentially Insecure Direct Object References
  • Directory Listing Enabled
  • HTTP Banner Disclosure
  • SSL Certificate not Trusted
  • Unvalidated Redirects

Features:

  • Crawler: Crawls a website to identify and display all URLs belonging to the website.
  • Scanner: Crawls a website and scans all URLs found for vulnerabilities.
  • Scan History: Allows a user to view or download PDF reports of previous scans that they performed.
  • Register: Allows a user to register with the web application.
  • Login: Allows a user to login to the web application.
  • Options: Allows a user to select which vulnerabilities they wish to test for (all are enabled by default).
  • PDF Generation: Dynamically generates a detailed PDF report.
  • Report Delivery: The PDF report is emailed to the user as an attachment.

Installation

See ReadMe file in txt and docx format for installation instructions.

Discussion

As this project was exported from Google Code, previously found problems and solutions are available at:

For any other issues or feedback, please contact [email protected]

License

GNU GPL v3

webvulscan's People

Contributors

dermotblair

webvulscan's Issues

how to scan When the browser closed after .

hi guys.

When I try to go to scan a website, in close the browser tag stopped after 
scanning, what method can realize the background scan code

my msn over#live.cn

twitter is https://twitter.com/#!/80sex

welcome to you discuss!

Original issue reported on code.google.com by [email protected] on 22 May 2012 at 2:46

Major run-time error

Warning: fopen(crawler/logs/eventlogs_2018-04-24.txt): failed to open stream: No such file or directory in C:\xampp\htdocs\webvulscan\scanner\classes\Logger.php on line 66
Can't open crawler/logs/eventlogs!

Warning: fopen(scanner/logs/eventlogs_2018-04-24.txt): failed to open stream: No such file or directory in C:\xampp\htdocs\webvulscan\scanner\classes\Logger.php on line 66
Can't open scanner/logs/eventlogs!

Start Scan

What steps will reproduce the problem?
1. Start Scan
2.
3.

What is the expected output? What do you see instead?
Scan Details:
Status: Pending...

No. URLs Found: 0
Time Taken: 0:11
No. HTTP Requests Sent: 0
No. Vulnerabilities Found: 0

No Vulnerabilities Found Yet


What version of the product are you using? On what operating system?
xampp version 3.2.1 Windows 7 Home Basic 64-bit

Please provide any additional information below.
It is not sending any kind of http request and simply the time taken is 
increasing. I have installed all the requirements.  

Original issue reported on code.google.com by [email protected] on 9 Dec 2014 at 10:00

System Hang

What steps will reproduce the problem?
1. Run the scanner
2.
3.

What is the expected output? Expected it to finish scan, exit or error.

What do you see instead? Got stuck on a URL, for over 25 mins on checking for 
SQL Injection. Expected it to time-out or error at some point.


What version of the product are you using? .12

On what operating system? Linux, not sure what kind (remote host)


Please provide any additional information below. running php 5.3, mod_fcgid

Original issue reported on code.google.com by [email protected] on 2 Feb 2013 at 9:18

PDF's are not being generated.

I've tried several URL's and none of which will produce a working PDF.

Emails are not being sent to users - or me.
PDF's are not being generated for no one.

Not Found

The requested URL /scanner/reports/Test_1.pdf was not found on this server.

Original issue reported on code.google.com by [email protected] on 15 Oct 2012 at 10:26

Scan Pending start scans problems

What steps will reproduce the problem?
1. start  a scan, 
2.
3.



What is the expected output? What do you see instead?
Scan Details:
Status: Pending...

No. URLs Found: 0
Time Taken: 0:51
No. HTTP Requests Sent: 0
No. Vulnerabilities Found: 0



Output of http://localhost/webvulscan_v0.12/scanner/begin_scan.php is this:

Deprecated: Assigning the return value of new by reference is deprecated in C:\xampp\htdocs\webvulscan_v0.12\scanner\begin_scan.php on line 122

Deprecated: Assigning the return value of new by reference is deprecated in C:\xampp\htdocs\webvulscan_v0.12\crawler\PHPCrawl_071\classes\phpcrawler.class.php on line 151

Fatal error: Call-time pass-by-reference has been removed in C:\xampp\htdocs\webvulscan_v0.12\scanner\classes\httpclient-2011-08-21\http.php on line 1049


What version of the product are you using? On what operating system?
Fresh install of Webvulscan v0.12 on Windows 7 x64, XAMPP v 1.8.0

Please provide any additional information below.
I'm going to try on XAMPP v1.7.4. I bet it will work then!  Thank you!

Original issue reported on code.google.com by [email protected] on 25 Jul 2012 at 3:10

Form Authentication

What steps will reproduce the problem?
1. In your framework, how will it scan the authenticated pages, i.e. for the users 
who are logging in, so that it can scan all the pages which are related to a 
specific user?
2.
3.

What is the expected output? What do you see instead?
The form authentication pages.

What version of the product are you using? On what operating system?
linux-debian

Please provide any additional information below.


Original issue reported on code.google.com by [email protected] on 25 Jun 2012 at 12:39

Problem with connection string

//hello guys
//I have a problem with the connection string. I don't have the default port 
//for mysql; I have the port number '3308'.

//I tried this:

    $server = 'localhost';
    $user = 'root';
    $pass = '';
    $datab = 'webvulscan';
    $port = (int)$port='3308';

    $db = $db = new mysqli($server,$user,$pass,$datab,$port);

// but that doesn't work.

//then I tried another way:

    $db = $db = new mysqli('localhost','root','','webvulscan','3308');

Thanks. I hope you can help me!

Original issue reported on code.google.com by [email protected] on 27 Apr 2013 at 3:36

Install & config notes fail to mention extension php_mysqli.dll required in php.ini

What steps will reproduce the problem?
1. follow the install & configure process, where no php extensions are present 
in /php_install_folder/ext folder but the ones indicated in current 
documentation
2.
3.

What is the expected output? What do you see instead?
Update install & config document to include dependency on php_mysqli.dll php 
extension

What version of the product are you using? On what operating system?
webvulscan_v0.12

Please provide any additional information below.


Original issue reported on code.google.com by [email protected] on 17 Oct 2012 at 1:19

Add scanner info on tests left out of total tests being run

What steps will reproduce the problem?
1. Scanning a test application gives no indication on the total tests to be 
run, as well as tests left to be performed
2.
3.

What is the expected output? What do you see instead?
Show N/M (n out of m) tests performed info during a scan.

What version of the product are you using? On what operating system?
webvulscan_v0.12

Please provide any additional information below.


Original issue reported on code.google.com by [email protected] on 17 Oct 2012 at 1:13

Multiple SQLi vulnerabilities

What steps will reproduce the problem?
1. Pick either scanner or crawler resource, and attempt to scan some URL with 
an added apostrophe character, say http://test123.com/'
2. webvulscan tool will report a problem - Problem inserting a new test into 
the database. Please try again. 
3. check webvulscan logs in /webvulscanner_install_dir/scanner/logs/ folder

14:39:27:1027 ,scanner, Problem executing query: INSERT into tests(id,status,numUrlsFound,type,num_requests_sent,start_timestamp,finish_timestamp,scan_finished,url,username,urls_found) VALUES(642,'Creating profile for new scan...',0,'scan',0,1350481167,1350481167,0,'http://testapp123.com/'','','')

Please note the 'http://testapp123.com/'' bit in the INSERT statement captured 
in the log: the extra apostrophe breaks the SQL statement syntax - thus allowing 
successful SQL Injection attacks.

4. for more fun, attempt to scan/crawl the following URL:

http://testapp123.com/'+benchmark(90000000,sha1(1))+'

This will result into a serious jump in CPU consumption for mysql, since the 
mysql benchmark() function is successfully executed. 

Submitting more requests like this, or using an increased number of iterations 
would eventually lead to a crash of mysql process - thus leading to a 
successful DoS attack.

Analysis:

For scanner, this issue is caused by unsafe inclusion of HTTP request 
parameters into the SQL query defined in scanner_form.php, as shown below:

$query = "INSERT into tests(id,status,numUrlsFound,type,num_requests_sent,start_timestamp,finish_timestamp,scan_finished,url,username,urls_found) VALUES($nextId,'Creating profile for new scan...',0,'scan',0,$now,$now,0,'$urlToScan','$username','')";
$result = $db->query($query);

What is the expected output? What do you see instead?
Product should not be vulnerable itself to SQLi attacks.

What version of the product are you using? On what operating system?
webvulscan_v0.12

Please provide any additional information below.


Original issue reported on code.google.com by [email protected] on 17 Oct 2012 at 1:59
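
The INSERT quoted in the report above, shown next to a parameterised form of the same statement. This is an added example, not code from webvulscan or from the reporter: the function names are hypothetical, and PDO with an in-memory SQLite database stands in for the project's mysqli/MySQL connection so the script runs without a server. With mysqli the equivalent calls are `prepare()` and `bind_param()`.

```php
<?php
// Added example, not webvulscan code. In-memory SQLite (via PDO) stands in
// for the project's MySQL database; the table mirrors the columns in the log.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tests (
    id INTEGER PRIMARY KEY, status TEXT, numUrlsFound INTEGER, type TEXT,
    num_requests_sent INTEGER, start_timestamp INTEGER, finish_timestamp INTEGER,
    scan_finished INTEGER, url TEXT, username TEXT, urls_found TEXT)');

// "Before": the string-concatenation pattern quoted in the issue.
function insertTestUnsafe(PDO $db, int $nextId, string $urlToScan, string $username): bool
{
    $now = time();
    $query = "INSERT into tests(id,status,numUrlsFound,type,num_requests_sent,"
           . "start_timestamp,finish_timestamp,scan_finished,url,username,urls_found) "
           . "VALUES($nextId,'Creating profile for new scan...',0,'scan',0,$now,$now,0,"
           . "'$urlToScan','$username','')";
    try {
        return $db->exec($query) !== false;
    } catch (PDOException $e) {
        // User data has become part of the SQL text and broken its syntax.
        return false;
    }
}

// "After": placeholders keep user data out of the SQL text entirely.
function insertTestSafe(PDO $db, int $nextId, string $urlToScan, string $username): bool
{
    $now = time();
    $stmt = $db->prepare(
        'INSERT INTO tests(id,status,numUrlsFound,type,num_requests_sent,'
      . 'start_timestamp,finish_timestamp,scan_finished,url,username,urls_found) '
      . "VALUES(?, 'Creating profile for new scan...', 0, 'scan', 0, ?, ?, 0, ?, ?, '')"
    );
    return $stmt->execute([$nextId, $now, $now, $urlToScan, $username]);
}

// The input from step 1 of the report; 'demo' is a constructed username.
$url = "http://testapp123.com/'";

printf("concatenated insert succeeded:  %s\n", insertTestUnsafe($db, 1, $url, 'demo') ? 'yes' : 'no');
printf("parameterised insert succeeded: %s\n", insertTestSafe($db, 2, $url, 'demo') ? 'yes' : 'no');

// The apostrophe is stored as data, byte for byte.
$stored = $db->query('SELECT url FROM tests WHERE id = 2')->fetchColumn();
printf("stored value equals input:      %s\n", $stored === $url ? 'yes' : 'no');
```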

Multiple XSS vulnerabilities

What steps will reproduce one of the problems?

A. Persistent XSS via urlToScan parameter of scanner.php 

Screenshot 'persistent XSS_1.jpg' attached

1. attempt to scan http://test123.com/<script>alert(1)</script> URL
2. the scan will start
3. check the scan history section. The previously injected XSS payload is now 
executed

4. checking the source of the HTTP response returned when accessing the history.php 
resource shows the user-provided URL is not properly escaped before being 
displayed to the user - thus allowing successful XSS attacks:

<tr><td align='center'>642</td><td align='left'>Wednesday 17th October 2012 
03:02:01 PM</td><td 
align='left'>http://test123.com/<script>alert(1)</script></td><td 
align='center'>0</td><td align='center'><a href="scanner/reports/Test_642.pdf" 
target="_blank">View</a></td></tr></table></p>
    </div>
  </div>
</div>
<!--MiddleRow END--> 

5. the following code from scan_history.php is to blame for this (the line 
displaying the unsafe, unescaped scanned URL):

echo '<table border="3" width="900"><tr><th>ID</th><th>Start Time</th><th>URL</th><th>No. Vulnerabilities</th><th>Report</th></tr>';
for($i=0; $i<$numRows; $i++)
{
    $row = $result->fetch_object();
    $id = $row->id;
    $startTime = $row->start_timestamp;
    $startTimeFormatted = date('l jS F Y h:i:s A', $startTime);
    $url = $row->url;

    $numVulns = 'Unknown';
    $query = "SELECT * FROM test_results WHERE test_id = $id";
    $resultTwo = $db->query($query);
    if($resultTwo)
        $numVulns = $resultTwo->num_rows;

    $report = '<a href="scanner/reports/Test_' . $id . '.pdf" target="_blank">View</a>';

    echo '<tr>';
    echo "<td align='center'>$id</td>";
    echo "<td align='left'>$startTimeFormatted</td>";
    echo "<td align='left'>$url</td>";
    echo "<td align='center'>$numVulns</td>";
    echo "<td align='center'>$report</td>";
    echo '</tr>';

}
echo '</table>';


B. some other XSS vulnerabilities for scanner.php resource

- reflected XSS via autoc parameter
- reflected XSS via basqli parameter
- reflected XSS via sqli parameter
- reflected XSS via urlToScan parameter

What is the expected output? What do you see instead?
The product should not be vulnerable to XSS attacks, while it is.

What version of the product are you using? On what operating system?
webvulscan_v0.12

Please provide any additional information below.

Recommendations:

1. Validate all user provided input using a white-list approach (known good 
characters) and regular expressions

2. All user provided data is properly escaped before being rendered/displayed 
as part of webvulscan forms. Use PHP best practices to enforce proper character 
escaping based
on the context where such content is being used (HTML code, JavaScript code, 
etc).

Original issue reported on code.google.com by [email protected] on 17 Oct 2012 at 2:18
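
The two recommendations in the report above, applied to the scan-history row it quotes. This is an added example, not code from webvulscan or from the reporter: `isAllowedScanUrl()`, `h()` and `historyRow()` are hypothetical names, the allow-list character set is an assumption about what a scan target URL may contain, and the timestamp is a constructed value.

```php
<?php
// Added example, not webvulscan code: input allow-list plus output escaping
// for the scan-history row. All function names are hypothetical.

// Recommendation 1: accept only http(s) URLs built from known-good characters.
// The character set is an assumption; widen it only as real targets require.
function isAllowedScanUrl(string $url): bool
{
    return strlen($url) <= 2048
        && preg_match('!^https?://[a-z0-9.-]+(:[0-9]{1,5})?(/[a-z0-9._~%/?&=+#-]*)?\z!i', $url) === 1;
}

// Recommendation 2: escape for the HTML context at the point of output.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Same columns as the scan_history.php loop, with every dynamic cell escaped.
// $id is typed as int, so it is safe to place in the report link.
function historyRow(int $id, int $startTime, string $url, string $numVulns): string
{
    $report = '<a href="scanner/reports/Test_' . $id . '.pdf" target="_blank">View</a>';
    return '<tr>'
        . "<td align='center'>" . $id . '</td>'
        . "<td align='left'>" . h(date('l jS F Y h:i:s A', $startTime)) . '</td>'
        . "<td align='left'>" . h($url) . '</td>'
        . "<td align='center'>" . h($numVulns) . '</td>'
        . "<td align='center'>" . $report . '</td>'
        . '</tr>';
}

// Inputs: the URL from step 1 of the report and a constructed benign URL.
$stored = 'http://test123.com/<script>alert(1)</script>';
foreach ([$stored, 'http://test123.com/index.php?id=1'] as $candidate) {
    printf("%-50s allowed: %s\n", $candidate, isAllowedScanUrl($candidate) ? 'yes' : 'no');
}

// Rows already in the database predate the input check, so output escaping
// still has to neutralise them. 1350482521 is a constructed timestamp.
echo historyRow(642, 1350482521, $stored, '0'), "\n";
```

The input check limits what gets stored from now on; the escaping in `historyRow()` is what protects the page from values that are already in the `tests` table.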

help

I put the English generated pdf into Chinese, but the result is garbled, I want to change something?

how to begin scan a url?

i can't begin?

Scan Details:
Status: Pending...

No. URLs Found: 0
Time Taken: 1:48
No. HTTP Requests Sent: 0
No. Vulnerabilities Found: 0

No Vulnerabilities Found Yet

Original issue reported on code.google.com by [email protected] on 14 May 2012 at 3:17

webvulscan register

help me pls

Warning: mysqli::mysqli(): (HY000/1049): Unknown database 'webvulscan' in 
/opt/lampp/htdocs/webvulscan_v0.12/scanner/functions/databaseFunctions.php on 
line 50
There was a problem connecting to the database. Please contact the 
administrator if problem persists

Original issue reported on code.google.com by [email protected] on 9 Jul 2013 at 4:55

Add automated/configurable session management for tested apps (e.g support for JSESSIONID, PHPSESSID, aspsessionid.*, asp.net_sessionid, etc)

What steps will reproduce the problem?
1. Pick a test Web application which normally requires authentication
2. Point webvulscan to the test Web app and attempt a scan
3. Currently, there is no way the tool will pass login page (unless 
authentication is disabled entirely for the test app - which is unrealistic)

What is the expected output? What do you see instead?
Be able to scan an app which requires authentication and normally uses 
authorisation cookies to maintain the user session on client-side. Currently, 
this is not possible with latest version of webvulscan tool.

What version of the product are you using? On what operating system?
webvulscan_v0.12

Please provide any additional information below.


Original issue reported on code.google.com by [email protected] on 17 Oct 2012 at 1:09

slow

What steps will reproduce the problem?
1. use it
2.
3.

What is the expected output? What do you see instead?
It's running on localhost so it should be fast to load at least. It's not.

What version of the product are you using? On what operating system?
latest on ubuntu 10.04

Please provide any additional information below.
Thanks for taking the time to code this up and release it as OSS, you rock for 
that!

Original issue reported on code.google.com by [email protected] on 22 May 2012 at 6:44

Suggestion - Suggested urls to get more information to resolve the issues

Pretty good product for scanning web applications.
What is the expected output? What do you see instead?
We need suggested urls to get more information to resolve the issues.
E.g. required suggested urls which can help to resolve an issue for SQL injection 

What version of the product are you using? On what operating system?
webvulscan_v0.12

Please provide any additional information below.

Original issue reported on code.google.com by [email protected] on 2 Jul 2012 at 10:12
