[Owasp-webscarab] Running script on webscarab
pagarwalla at simdeskcorp.com
Tue Mar 4 12:28:57 EST 2008
I did and no more errors now. But still the check parameter is going as
the old value.
Because the modified value makes the web page throw XSS error.
Also, I turned on 'intercept request' to see the outgoing msg from
webscarab.
Rogan Dawes wrote:
> pagarwalla at simdeskcorp.com wrote:
>
>> The below error displaying :
>>
>> Error evaluating bean script : Sourced file: inline evaluation of:
>> ``Response response = fetchResponse(nextClient, request);'' : Typed
>> variable declaration : Unknown class: HttpUrl : at Line: 21 : in
>> file: inline evaluation of: ``import
>> org.owasp.webscarab.model.Request; import
>> org.owasp.webscarab.model.Respo . . . '' : new HttpUrl ( url )
>>
>>
>> I could make it error free by removing " request.setURL(new
>> HttpUrl(url)); " though. But when I execute requests on my web site, I
>> don't see the value of the "check" parameter going as "<IMG
>> """><SCRIPT>alert("XSS")</SCRIPT>"> " (what I wanted the script to
>> do).
>>
>> Do I need any further modifications?
>>
>
> The setURL() step is crucial, otherwise all the work you have done up
> to that point is simply discarded.
>
> Did you include the "import" for HttpUrl?
>
> Rogan
>
>> Thanks,
>>
>> Rogan Dawes wrote:
>>
>>> pagarwalla at simdeskcorp.com <mailto:pagarwalla at simdeskcorp.com>
>>> wrote:
>>>
>>>> Getting similar ERROR after adding import
>>>> org.owasp.webscarab.model.NamedValue; :
>>>
>>>
>>> Not quite the same error.
>>>
>>>> Error evaluating bean script : Sourced file: inline evaluation
>>>> of: ``Response response = fetchResponse(nextClient, request);'' :
>>>> Typed variable declaration : Typed variable declaration : Error
>>>> in method invocation: Static method split( java.lang.String,
>>>> java.lang.String,
>>>
>>> ^^^^^^^^^^^^^^^^^^^
>>>
>>>> java.lang.String ) not found in
>>>
>>> ^^^^^^^^^^^^
>>>
>>>> class'org.owasp.webscarab.model.NamedValue' : at Line: 11 : in
>>>> file:
>>>
>>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>>
>>> That is because it is actually "splitNamedValues", not "split".
>>>
>>> Fix that up, and try again.
>>>
>>> Rogan
>>>
>>
>> -- Priti Agarwalla Test Engineer 713.690.6016 ext.256 (o)
>> pagarwalla at simdeskcorp.com <mailto:pagarwalla at simdeskcorp.com>
>> www.simdesk.com <http://www.simdesk.com>
>>
>>
>>
>
--
Priti Agarwalla
Test Engineer
713.690.6016 ext.256 (o)
pagarwalla at simdeskcorp.com
www.simdesk.com
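
The write-back step discussed in this thread, as an added Python sketch that is not part of the original messages and does not use WebScarab's API: a parameter rewrite produces a new URL, and the outgoing request only changes if that URL is stored back on it. The `Request` class, the function names, the host and the marker value are all hypothetical, constructed for illustration.

```python
from urllib.parse import parse_qs, quote, unquote, urlsplit, urlunsplit

class Request:
    """Hypothetical stand-in for a proxy's request object (not WebScarab's class)."""
    def __init__(self, url):
        self._url = url
    def get_url(self):
        return self._url
    def set_url(self, url):
        self._url = url

def rewrite_param(url, name, new_value):
    """Return a copy of url with every `name` parameter set to new_value."""
    parts = urlsplit(url)
    encoded = quote(new_value, safe="")  # percent-encode <, >, ", space, &, =
    pairs = []
    for pair in parts.query.split("&"):
        key, sep, _old = pair.partition("=")
        if sep and unquote(key) == name:
            pair = f"{key}={encoded}"
        pairs.append(pair)
    return urlunsplit(parts._replace(query="&".join(pairs)))

def hook_discarding_result(request, name, value):
    """The failure mode: a new URL is built, but the request never receives it."""
    rewrite_param(request.get_url(), name, value)
    return request

def hook_writing_back(request, name, value):
    """The fix: store the rebuilt URL on the request before it is forwarded."""
    request.set_url(rewrite_param(request.get_url(), name, value))
    return request

def sent_value(request, name):
    """What the server would receive for `name` (the check made by intercepting)."""
    return parse_qs(urlsplit(request.get_url()).query).get(name, [None])[0]

# Constructed sample data: a test host and a harmless marker that needs encoding.
SAMPLE_URL = "http://test.example/search?q=books&check=old&page=2"
MARKER = '<probe "1">'

if __name__ == "__main__":
    for hook in (hook_discarding_result, hook_writing_back):
        req = hook(Request(SAMPLE_URL), "check", MARKER)
        print(f"{hook.__name__}: check={sent_value(req, 'check')!r}")
        print("  outgoing URL:", req.get_url())
```

Comparing `sent_value()` for the two hooks is the same check as watching the intercepted outgoing request: only the hook that writes the URL back changes what leaves the proxy.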