arachni
arachni copied to clipboard
Arachni
arachni seems cannot find xss issue in web app with vue.js?
index.html snippet
<div id="app">
<div class="container">
<div class="form-group"><label>Company Name:</label><span v-html="company.companyName"></span></div>
<div class="form-group"><label>Contact Name:</label>{{ company.contactName }}</div>
<div class="form-group"><label>Phone:</label>{{ company.phone }}</div>
<form>
<div class="form-group">
<label>Company Name</label>
<input type="text" name="companyName" v-model="item.companyName"/>
</div>
<div class="form-group">
<label>Contact Name</label>
<input type="text" name="contactName" v-model="item.contactName"/>
</div>
<div class="form-group">
<label>Phone</label>
<input type="text" name="phone" v-model="item.phone"/>
</div>
<div class="form-group">
<label></label>
<button @click.prevent="createCustomer">Create</button>
</div>
</form>
</div>
</div>
js snippet
<script>
var ajaxHelper = new AjaxHelper();
var demo = new Vue({
el: '#app',
data: {
apiUrl: site_url + 'vtest/customers/',
company: {},
item: {}
},
methods: {
createCustomer: function () {
var vm = this,
callback = function (data) {
vm.company = data;
};
ajaxHelper.post(vm.apiUrl, vm.item, callback);
}
}
})
</script>
I guess arachni with phantomjs can not inspect event binding in vue.js(mvvm framework) , so i try to change the test case using jquery , this time, arachni found the xss issues.
i tried to install nightlies version(arachni-2.0dev-1.0dev-windows-x86_64.exe) in windows, then i scan in linux but still failed to found
Hello, I can't use arachni to scan my web project using vue.js. Is there any good advice? Thank you
你好,我也无法使用arachni扫描的我的使用了vue.js的web工程。请问有什么好的建议吗?谢谢
Hello, I can't use arachni to scan my web project using vue.js. Is there any good advice? Thank you
你好,我也无法使用arachni扫描的我的使用了vue.js的web工程。请问有什么好的建议吗?谢谢
后面我就放弃了,你可以搭建一个公网环境给作者测试,他们应该很乐意