Posted by ingo86 on October 22, 2008 at 10:17pm
Hi all,
The scanner is tested to find XSS vulnerabilities inside a drupal installation. These could be found only searching into the forms of the website. There's no way right now to add an exploit as a parameter of the url of the page.
Something like
http://www.example.com/?q=<script>alert(xss);</script>
This is something I wanna add as new feature, but make it automatic is not so trivial.
Suggestions?