Hello all,
Some time ago I announced the arrival of IAST scanning for Rack-based (such as Ruby-on-Rails, Sinatra, etc.) web applications.
The feature is now here and I'd like to demo it for you.
We have our application, in this case a Sinatra one, and it goes like:
As you can see, scnr/introspector has been required and made use of.
Now we run a scan with no additional options or configuration:
./bin/scnr http://localhost:4567/
[...]
[+] Web Application Security Report - SCNR::Engine Framework
[~] Report generated on: 2024-01-08 09:59:13 +0200
[+] System settings:
[~] ---------------
[~] Version: 1.0dev
[~] Seed: 1c018afc74e11d4cdda4bd1bcf2f980f
[~] Audit started on: 2024-01-08 09:59:06 +0200
[~] Audit finished on: 2024-01-08 09:59:13 +0200
[~] Runtime: 00:00:06
[~] URL: http://localhost:4567/
[~] User agent:
[*] Audited elements:
[~] * Links
[~] * Forms
[~] * Cookies
[~] * XMLs
[~] * JSONs
[~] * UI inputs
[~] * UI forms
[*] Checks: *
[~] ===========================
[+] 1 issues were detected.
[+] [1] Cross-Site Scripting (XSS) (Trusted)
[~] ~~~~~~~~~~~~~~~~~~~~
[~] Digest: 3187004085
[~] Severity: High
[~] Description:
[~]
Client-side scripts are used extensively by modern web applications.
They perform from simple functions (such as the formatting of text) up to full
manipulation of client-side data and Operating System interaction.
Cross Site Scripting (XSS) allows clients to inject scripts into a request and
have the server return the script to the client in the response. This occurs
because the application is taking untrusted data (in this example, from the client)
and reusing it without performing any validation or sanitisation.
If the injected script is returned immediately this is known as body XSS.
If the injected script is stored by the server and returned to any client visiting
the affected page, then this is known as persistent XSS (also stored XSS).
SCNR::Engine has discovered that it is possible to insert script content directly into
HTML element content.
[~] Tags: xss, regexp, injection, script
[~] CWE: http://cwe.mitre.org/data/definitions/79.html
[~] References:
[~] Secunia - http://secunia.com/advisories/9716/
[~] WASC - http://projects.webappsec.org/w/page/13246920/Cross%20Site%20Scripting
[~] OWASP - https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet
[~] URL: http://localhost:4567/
[~] Element: link
[~] All inputs: v
[~] Method: GET
[~] Input name: v
[~] Seed: "<xss_1c018afc74e11d4cdda4bd1bcf2f980f/>"
[~] Injected: "stuff<xss_1c018afc74e11d4cdda4bd1bcf2f980f/>"
[~] Proof: "<xss_1c018afc74e11d4cdda4bd1bcf2f980f/>"
[~] Execution trace
[0] examples/sinatra/app.rb#17 MyApp#GET / call
[1] examples/sinatra/app.rb#17 MyApp#GET / b_call
[2] examples/sinatra/app.rb#19 MyApp#GET / line
[3] examples/sinatra/app.rb#21 MyApp#GET / line
[4] examples/sinatra/app.rb#24 MyApp#GET / line
[5] examples/sinatra/app.rb#24 Sinatra::Base#params c_call
[6] examples/sinatra/app.rb#24 Sinatra::Base#params c_return
[7] examples/sinatra/app.rb#12 MyApp#process_params call
[8] examples/sinatra/app.rb#13 MyApp#process_params line
[9] examples/sinatra/app.rb#9 MyApp#noop call
[10] examples/sinatra/app.rb#10 MyApp#noop return
[11] examples/sinatra/app.rb#14 MyApp#process_params line
[12] examples/sinatra/app.rb#14 Hash#values c_call
[13] examples/sinatra/app.rb#14 Hash#values c_return
[14] examples/sinatra/app.rb#14 Array#join c_call
[15] examples/sinatra/app.rb#14 Array#join c_return
[16] examples/sinatra/app.rb#15 MyApp#process_params return
[17] examples/sinatra/app.rb#27 MyApp#GET / b_return
[18] examples/sinatra/app.rb#27 MyApp#GET / return
[~] Data trace
[0] MyApp#call argument #0: "v=stuff%3Cxss_1c018afc74e11d4cdda4bd1bcf2f980f%2F%3E"
Arguments:
[
{
"rack.version": [
1,
6
],
"rack.errors": "#<IO:0x00007f8a97488f40>",
"rack.multithread": true,
"rack.multiprocess": false,
"rack.run_once": false,
"rack.url_scheme": "http",
"SCRIPT_NAME": "",
"QUERY_STRING": "v=stuff%3Cxss_1c018afc74e11d4cdda4bd1bcf2f980f%2F%3E",
"SERVER_SOFTWARE": "puma 6.2.2 Speaking of Now",
"GATEWAY_INTERFACE": "CGI/1.2",
"REQUEST_METHOD": "GET",
"REQUEST_PATH": "/",
"REQUEST_URI": "/?v=stuff%3Cxss_1c018afc74e11d4cdda4bd1bcf2f980f%2F%3E",
"SERVER_PROTOCOL": "HTTP/1.1",
"HTTP_HOST": "localhost:4567",
"HTTP_ACCEPT_ENCODING": "gzip, deflate",
"HTTP_USER_AGENT": "Mozilla/5.0 (Gecko) SCNR::Engine/v1.0dev",
"HTTP_ACCEPT": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
"HTTP_ACCEPT_LANGUAGE": "en-US,en;q=0.8,he;q=0.6",
"puma.request_body_wait": 0.0021059513092041016,
"SERVER_NAME": "localhost",
"SERVER_PORT": "4567",
"PATH_INFO": "/",
"REMOTE_ADDR": "127.0.0.1",
"HTTP_VERSION": "HTTP/1.1",
"puma.socket": "#<TCPSocket:0x00007f8a9251e108>",
"rack.hijack?": true,
"rack.hijack": "#<Puma::Client:0x00007f8a91f61b98>",
"rack.input": "#<Puma::NullIO:0x00007f8a91f425b8>",
"rack.after_reply": [
],
"puma.config": "#<Puma::Configuration:0x00007f8a91ecaab8>",
"rack.logger": "#<Rack::NullLogger:0x00007f8a91f441d8>",
"rack.request.query_string": "v=stuff%3Cxss_1c018afc74e11d4cdda4bd1bcf2f980f%2F%3E",
"rack.request.query_hash": {
"v": "stuff<xss_1c018afc74e11d4cdda4bd1bcf2f980f/>"
},
"sinatra.route": "GET /"
}
]
Backtrace:
(eval):4:in `call'
/home/zapotek/scnr-dev-env/.system/gems/gems/rack-protection-3.0.6/lib/rack/protection/xss_header.rb:20:in `call'
/home/zapotek/scnr-dev-env/.system/gems/gems/rack-protection-3.0.6/lib/rack/protection/path_traversal.rb:18:in `call'
/home/zapotek/scnr-dev-env/.system/gems/gems/rack-protection-3.0.6/lib/rack/protection/json_csrf.rb:28:in `call'
/home/zapotek/scnr-dev-env/.system/gems/gems/rack-protection-3.0.6/lib/rack/protection/base.rb:53:in `call'
/home/zapotek/scnr-dev-env/.system/gems/gems/rack-protection-3.0.6/lib/rack/protection/base.rb:53:in `call'
/home/zapotek/scnr-dev-env/.system/gems/gems/rack-protection-3.0.6/lib/rack/protection/frame_options.rb:33:in `call'
/home/zapotek/scnr-dev-env/.system/gems/gems/rack-2.2.7/lib/rack/null_logger.rb:11:in `call'
/home/zapotek/scnr-dev-env/.system/gems/gems/rack-2.2.7/lib/rack/head.rb:12:in `call'
/home/zapotek/scnr-dev-env/.system/gems/gems/sinatra-3.0.6/lib/sinatra/base.rb:219:in `call'
/home/zapotek/scnr-dev-env/.system/gems/gems/sinatra-3.0.6/lib/sinatra/base.rb:2018:in `call'
/home/zapotek/scnr-dev-env/.system/gems/gems/sinatra-3.0.6/lib/sinatra/base.rb:1576:in `block in call'
/home/zapotek/scnr-dev-env/.system/gems/gems/sinatra-3.0.6/lib/sinatra/base.rb:1792:in `synchronize'
/home/zapotek/scnr-dev-env/.system/gems/gems/sinatra-3.0.6/lib/sinatra/base.rb:1576:in `call'
/home/zapotek/scnr-dev-env/.system/gems/gems/puma-6.2.2/lib/puma/configuration.rb:270:in `call'
/home/zapotek/scnr-dev-env/.system/gems/gems/puma-6.2.2/lib/puma/request.rb:98:in `block in handle_request'
/home/zapotek/scnr-dev-env/.system/gems/gems/puma-6.2.2/lib/puma/thread_pool.rb:340:in `with_force_shutdown'
/home/zapotek/scnr-dev-env/.system/gems/gems/puma-6.2.2/lib/puma/request.rb:97:in `handle_request'
/home/zapotek/scnr-dev-env/.system/gems/gems/puma-6.2.2/lib/puma/server.rb:431:in `process_client'
/home/zapotek/scnr-dev-env/.system/gems/gems/puma-6.2.2/lib/puma/server.rb:233:in `block in run'
/home/zapotek/scnr-dev-env/.system/gems/gems/puma-6.2.2/lib/puma/thread_pool.rb:147:in `block in spawn_thread'
[1] MyApp#call! argument #0: "v=stuff%3Cxss_1c018afc74e11d4cdda4bd1bcf2f980f%2F%3E"
Arguments:
[
{
"rack.version": [
1,
6
],
"rack.errors": "#<IO:0x00007f8a97488f40>",
"rack.multithread": true,
"rack.multiprocess": false,
"rack.run_once": false,
"rack.url_scheme": "http",
"SCRIPT_NAME": "",
"QUERY_STRING": "v=stuff%3Cxss_1c018afc74e11d4cdda4bd1bcf2f980f%2F%3E",
"SERVER_SOFTWARE": "puma 6.2.2 Speaking of Now",
"GATEWAY_INTERFACE": "CGI/1.2",
"REQUEST_METHOD": "GET",
"REQUEST_PATH": "/",
"REQUEST_URI": "/?v=stuff%3Cxss_1c018afc74e11d4cdda4bd1bcf2f980f%2F%3E",
"SERVER_PROTOCOL": "HTTP/1.1",
"HTTP_HOST": "localhost:4567",
"HTTP_ACCEPT_ENCODING": "gzip, deflate",
"HTTP_USER_AGENT": "Mozilla/5.0 (Gecko) SCNR::Engine/v1.0dev",
"HTTP_ACCEPT": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
"HTTP_ACCEPT_LANGUAGE": "en-US,en;q=0.8,he;q=0.6",
"puma.request_body_wait": 0.0021059513092041016,
"SERVER_NAME": "localhost",
"SERVER_PORT": "4567",
"PATH_INFO": "/",
"REMOTE_ADDR": "127.0.0.1",
"HTTP_VERSION": "HTTP/1.1",
"puma.socket": "#<TCPSocket:0x00007f8a9251e108>",
"rack.hijack?": true,
"rack.hijack": "#<Puma::Client:0x00007f8a91f61b98>",
"rack.input": "#<Puma::NullIO:0x00007f8a91f425b8>",
"rack.after_reply": [
],
"puma.config": "#<Puma::Configuration:0x00007f8a91ecaab8>",
"rack.logger": "#<Rack::NullLogger:0x00007f8a91f441d8>",
"rack.request.query_string": "v=stuff%3Cxss_1c018afc74e11d4cdda4bd1bcf2f980f%2F%3E",
"rack.request.query_hash": {
"v": "stuff<xss_1c018afc74e11d4cdda4bd1bcf2f980f/>"
},
"sinatra.route": "GET /"
}
]
Backtrace:
(eval):4:in `call!'
/home/zapotek/scnr-dev-env/.system/gems/gems/sinatra-3.0.6/lib/sinatra/base.rb:938:in `call'
(eval):5:in `call'
/home/zapotek/scnr-dev-env/.system/gems/gems/rack-protection-3.0.6/lib/rack/protection/xss_header.rb:20:in `call'
/home/zapotek/scnr-dev-env/.system/gems/gems/rack-protection-3.0.6/lib/rack/protection/path_traversal.rb:18:in `call'
/home/zapotek/scnr-dev-env/.system/gems/gems/rack-protection-3.0.6/lib/rack/protection/json_csrf.rb:28:in `call'
/home/zapotek/scnr-dev-env/.system/gems/gems/rack-protection-3.0.6/lib/rack/protection/base.rb:53:in `call'
/home/zapotek/scnr-dev-env/.system/gems/gems/rack-protection-3.0.6/lib/rack/protection/base.rb:53:in `call'
/home/zapotek/scnr-dev-env/.system/gems/gems/rack-protection-3.0.6/lib/rack/protection/frame_options.rb:33:in `call'
/home/zapotek/scnr-dev-env/.system/gems/gems/rack-2.2.7/lib/rack/null_logger.rb:11:in `call'
/home/zapotek/scnr-dev-env/.system/gems/gems/rack-2.2.7/lib/rack/head.rb:12:in `call'
/home/zapotek/scnr-dev-env/.system/gems/gems/sinatra-3.0.6/lib/sinatra/base.rb:219:in `call'
/home/zapotek/scnr-dev-env/.system/gems/gems/sinatra-3.0.6/lib/sinatra/base.rb:2018:in `call'
/home/zapotek/scnr-dev-env/.system/gems/gems/sinatra-3.0.6/lib/sinatra/base.rb:1576:in `block in call'
/home/zapotek/scnr-dev-env/.system/gems/gems/sinatra-3.0.6/lib/sinatra/base.rb:1792:in `synchronize'
/home/zapotek/scnr-dev-env/.system/gems/gems/sinatra-3.0.6/lib/sinatra/base.rb:1576:in `call'
/home/zapotek/scnr-dev-env/.system/gems/gems/puma-6.2.2/lib/puma/configuration.rb:270:in `call'
/home/zapotek/scnr-dev-env/.system/gems/gems/puma-6.2.2/lib/puma/request.rb:98:in `block in handle_request'
/home/zapotek/scnr-dev-env/.system/gems/gems/puma-6.2.2/lib/puma/thread_pool.rb:340:in `with_force_shutdown'
/home/zapotek/scnr-dev-env/.system/gems/gems/puma-6.2.2/lib/puma/request.rb:97:in `handle_request'
/home/zapotek/scnr-dev-env/.system/gems/gems/puma-6.2.2/lib/puma/server.rb:431:in `process_client'
/home/zapotek/scnr-dev-env/.system/gems/gems/puma-6.2.2/lib/puma/server.rb:233:in `block in run'
/home/zapotek/scnr-dev-env/.system/gems/gems/puma-6.2.2/lib/puma/thread_pool.rb:147:in `block in spawn_thread'
[2] MyApp#process_params argument #0: "stuff<xss_1c018afc74e11d4cdda4bd1bcf2f980f/>"
Arguments:
[
{
"v": "stuff<xss_1c018afc74e11d4cdda4bd1bcf2f980f/>"
}
]
Backtrace:
(eval):4:in `process_params'
examples/sinatra/app.rb:24:in `block in <class:MyApp>'
/home/zapotek/scnr-dev-env/.system/gems/gems/sinatra-3.0.6/lib/sinatra/base.rb:1706:in `call'
/home/zapotek/scnr-dev-env/.system/gems/gems/sinatra-3.0.6/lib/sinatra/base.rb:1706:in `block in compile!'
/home/zapotek/scnr-dev-env/.system/gems/gems/sinatra-3.0.6/lib/sinatra/base.rb:1019:in `block (3 levels) in route!'
/home/zapotek/scnr-dev-env/.system/gems/gems/sinatra-3.0.6/lib/sinatra/base.rb:1037:in `route_eval'
/home/zapotek/scnr-dev-env/.system/gems/gems/sinatra-3.0.6/lib/sinatra/base.rb:1019:in `block (2 levels) in route!'
/home/zapotek/scnr-dev-env/.system/gems/gems/sinatra-3.0.6/lib/sinatra/base.rb:1068:in `block in process_route'
/home/zapotek/scnr-dev-env/.system/gems/gems/sinatra-3.0.6/lib/sinatra/base.rb:1066:in `catch'
/home/zapotek/scnr-dev-env/.system/gems/gems/sinatra-3.0.6/lib/sinatra/base.rb:1066:in `process_route'
/home/zapotek/scnr-dev-env/.system/gems/gems/sinatra-3.0.6/lib/sinatra/base.rb:1017:in `block in route!'
/home/zapotek/scnr-dev-env/.system/gems/gems/sinatra-3.0.6/lib/sinatra/base.rb:1014:in `each'
/home/zapotek/scnr-dev-env/.system/gems/gems/sinatra-3.0.6/lib/sinatra/base.rb:1014:in `route!'
/home/zapotek/scnr-dev-env/.system/gems/gems/sinatra-3.0.6/lib/sinatra/base.rb:1138:in `block in dispatch!'
/home/zapotek/scnr-dev-env/.system/gems/gems/sinatra-3.0.6/lib/sinatra/base.rb:1109:in `catch'
/home/zapotek/scnr-dev-env/.system/gems/gems/sinatra-3.0.6/lib/sinatra/base.rb:1109:in `invoke'
/home/zapotek/scnr-dev-env/.system/gems/gems/sinatra-3.0.6/lib/sinatra/base.rb:1133:in `dispatch!'
/home/zapotek/scnr-dev-env/.system/gems/gems/sinatra-3.0.6/lib/sinatra/base.rb:949:in `block in call!'
/home/zapotek/scnr-dev-env/.system/gems/gems/sinatra-3.0.6/lib/sinatra/base.rb:1109:in `catch'
/home/zapotek/scnr-dev-env/.system/gems/gems/sinatra-3.0.6/lib/sinatra/base.rb:1109:in `invoke'
/home/zapotek/scnr-dev-env/.system/gems/gems/sinatra-3.0.6/lib/sinatra/base.rb:949:in `call!'
(eval):5:in `call!'
/home/zapotek/scnr-dev-env/.system/gems/gems/sinatra-3.0.6/lib/sinatra/base.rb:938:in `call'
(eval):5:in `call'
/home/zapotek/scnr-dev-env/.system/gems/gems/rack-protection-3.0.6/lib/rack/protection/xss_header.rb:20:in `call'
/home/zapotek/scnr-dev-env/.system/gems/gems/rack-protection-3.0.6/lib/rack/protection/path_traversal.rb:18:in `call'
/home/zapotek/scnr-dev-env/.system/gems/gems/rack-protection-3.0.6/lib/rack/protection/json_csrf.rb:28:in `call'
/home/zapotek/scnr-dev-env/.system/gems/gems/rack-protection-3.0.6/lib/rack/protection/base.rb:53:in `call'
/home/zapotek/scnr-dev-env/.system/gems/gems/rack-protection-3.0.6/lib/rack/protection/base.rb:53:in `call'
/home/zapotek/scnr-dev-env/.system/gems/gems/rack-protection-3.0.6/lib/rack/protection/frame_options.rb:33:in `call'
/home/zapotek/scnr-dev-env/.system/gems/gems/rack-2.2.7/lib/rack/null_logger.rb:11:in `call'
/home/zapotek/scnr-dev-env/.system/gems/gems/rack-2.2.7/lib/rack/head.rb:12:in `call'
/home/zapotek/scnr-dev-env/.system/gems/gems/sinatra-3.0.6/lib/sinatra/base.rb:219:in `call'
/home/zapotek/scnr-dev-env/.system/gems/gems/sinatra-3.0.6/lib/sinatra/base.rb:2018:in `call'
/home/zapotek/scnr-dev-env/.system/gems/gems/sinatra-3.0.6/lib/sinatra/base.rb:1576:in `block in call'
/home/zapotek/scnr-dev-env/.system/gems/gems/sinatra-3.0.6/lib/sinatra/base.rb:1792:in `synchronize'
/home/zapotek/scnr-dev-env/.system/gems/gems/sinatra-3.0.6/lib/sinatra/base.rb:1576:in `call'
/home/zapotek/scnr-dev-env/.system/gems/gems/puma-6.2.2/lib/puma/configuration.rb:270:in `call'
/home/zapotek/scnr-dev-env/.system/gems/gems/puma-6.2.2/lib/puma/request.rb:98:in `block in handle_request'
/home/zapotek/scnr-dev-env/.system/gems/gems/puma-6.2.2/lib/puma/thread_pool.rb:340:in `with_force_shutdown'
/home/zapotek/scnr-dev-env/.system/gems/gems/puma-6.2.2/lib/puma/request.rb:97:in `handle_request'
/home/zapotek/scnr-dev-env/.system/gems/gems/puma-6.2.2/lib/puma/server.rb:431:in `process_client'
/home/zapotek/scnr-dev-env/.system/gems/gems/puma-6.2.2/lib/puma/server.rb:233:in `block in run'
/home/zapotek/scnr-dev-env/.system/gems/gems/puma-6.2.2/lib/puma/thread_pool.rb:147:in `block in spawn_thread'
[3] MyApp#body argument #0: "stuff<xss_1c018afc74e11d4cdda4bd1bcf2f980f/>\n <a href=\"?v=stuff\">XSS</a>\n"
Arguments:
[
[
"stuff<xss_1c018afc74e11d4cdda4bd1bcf2f980f/>\n <a href=\"?v=stuff\">XSS</a>\n"
]
]
Backtrace:
(eval):4:in `body'
/home/zapotek/scnr-dev-env/.system/gems/gems/sinatra-3.0.6/lib/sinatra/base.rb:1118:in `invoke'
/home/zapotek/scnr-dev-env/.system/gems/gems/sinatra-3.0.6/lib/sinatra/base.rb:1133:in `dispatch!'
/home/zapotek/scnr-dev-env/.system/gems/gems/sinatra-3.0.6/lib/sinatra/base.rb:949:in `block in call!'
/home/zapotek/scnr-dev-env/.system/gems/gems/sinatra-3.0.6/lib/sinatra/base.rb:1109:in `catch'
/home/zapotek/scnr-dev-env/.system/gems/gems/sinatra-3.0.6/lib/sinatra/base.rb:1109:in `invoke'
/home/zapotek/scnr-dev-env/.system/gems/gems/sinatra-3.0.6/lib/sinatra/base.rb:949:in `call!'
(eval):5:in `call!'
/home/zapotek/scnr-dev-env/.system/gems/gems/sinatra-3.0.6/lib/sinatra/base.rb:938:in `call'
(eval):5:in `call'
/home/zapotek/scnr-dev-env/.system/gems/gems/rack-protection-3.0.6/lib/rack/protection/xss_header.rb:20:in `call'
/home/zapotek/scnr-dev-env/.system/gems/gems/rack-protection-3.0.6/lib/rack/protection/path_traversal.rb:18:in `call'
/home/zapotek/scnr-dev-env/.system/gems/gems/rack-protection-3.0.6/lib/rack/protection/json_csrf.rb:28:in `call'
/home/zapotek/scnr-dev-env/.system/gems/gems/rack-protection-3.0.6/lib/rack/protection/base.rb:53:in `call'
/home/zapotek/scnr-dev-env/.system/gems/gems/rack-protection-3.0.6/lib/rack/protection/base.rb:53:in `call'
/home/zapotek/scnr-dev-env/.system/gems/gems/rack-protection-3.0.6/lib/rack/protection/frame_options.rb:33:in `call'
/home/zapotek/scnr-dev-env/.system/gems/gems/rack-2.2.7/lib/rack/null_logger.rb:11:in `call'
/home/zapotek/scnr-dev-env/.system/gems/gems/rack-2.2.7/lib/rack/head.rb:12:in `call'
/home/zapotek/scnr-dev-env/.system/gems/gems/sinatra-3.0.6/lib/sinatra/base.rb:219:in `call'
/home/zapotek/scnr-dev-env/.system/gems/gems/sinatra-3.0.6/lib/sinatra/base.rb:2018:in `call'
/home/zapotek/scnr-dev-env/.system/gems/gems/sinatra-3.0.6/lib/sinatra/base.rb:1576:in `block in call'
/home/zapotek/scnr-dev-env/.system/gems/gems/sinatra-3.0.6/lib/sinatra/base.rb:1792:in `synchronize'
/home/zapotek/scnr-dev-env/.system/gems/gems/sinatra-3.0.6/lib/sinatra/base.rb:1576:in `call'
/home/zapotek/scnr-dev-env/.system/gems/gems/puma-6.2.2/lib/puma/configuration.rb:270:in `call'
/home/zapotek/scnr-dev-env/.system/gems/gems/puma-6.2.2/lib/puma/request.rb:98:in `block in handle_request'
/home/zapotek/scnr-dev-env/.system/gems/gems/puma-6.2.2/lib/puma/thread_pool.rb:340:in `with_force_shutdown'
/home/zapotek/scnr-dev-env/.system/gems/gems/puma-6.2.2/lib/puma/request.rb:97:in `handle_request'
/home/zapotek/scnr-dev-env/.system/gems/gems/puma-6.2.2/lib/puma/server.rb:431:in `process_client'
/home/zapotek/scnr-dev-env/.system/gems/gems/puma-6.2.2/lib/puma/server.rb:233:in `block in run'
/home/zapotek/scnr-dev-env/.system/gems/gems/puma-6.2.2/lib/puma/thread_pool.rb:147:in `block in spawn_thread'
[~] Referring page: http://localhost:4567/
[~] Affected page: http://localhost:4567/?v=stuff%3Cxss_1c018afc74e11d4cdda4bd1bcf2f980f/%3E
[~] HTTP request
GET /?v=stuff%3Cxss_1c018afc74e11d4cdda4bd1bcf2f980f%2F%3E HTTP/1.1
Host: localhost:4567
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Gecko) SCNR::Engine/v1.0dev
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.8,he;q=0.6
X-Scnr-Engine-Scan-Seed: 1c018afc74e11d4cdda4bd1bcf2f980f
X-Scnr-Introspector-Taint: 1c018afc74e11d4cdda4bd1bcf2f980f
X-Scnr-Introspector-Trace: 664
[+] Plugin data:
[~] ---------------
[*] Health map
[~] ~~~~~~~~~~~~~~
[~] Description: Generates a simple list of safe/unsafe URLs.
[~] Legend:
[+] No issues
[-] Has issues
[-] http://localhost:4567/
[~] Total: 1
[+] Without issues: 0
[-] With issues: 1 ( 100% )
[~] Report saved at: /home/zapotek/.scnr/reports/localhost_2024-01-08_09_59_13_+0200.ser [0.01MB]
[~] Audited 2 page snapshots.
[~] Duration: 00:00:06
[~] Processed 730/730 HTTP requests -- failed: 0
[~] -- 153.494 requests/second.
[~] Processed 7/7 browser jobs -- failed: 0
[~] -- 0.374 second/job.
[~] Burst avg application time 0.003 seconds
[~] Burst average response time 0.004 seconds
[~] Burst average responses/s 6.553 responses/second
[~] Average application time 0.032 seconds
[~] Download speed 1983.147 KBps
[~] Upload speed 0.101 KBps
[~] Concurrency 10/10 connections
====================================================
[~] Please provide feedback at: contact@ecsypno.com
[~] -- Thank you in advance!
====================================================
Et voila! We're graced with all manner of contextual server-side information regarding that XSS issue that was identified.
The "Execution trace" shows us the course of the application's execution at the time the issue was identified.
The "Data trace" shows us contextual information about the data that was available to the application at the time and, given the nature of that data, its state at each step.
And there you have it: highly helpful insight for debugging, reproducing and/or identifying the issue's root cause, to the delight of all teams involved.
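The flow the two traces above walk through (params, Hash#values, Array#join, body) and how such traces are produced, as an added example that is not the author's app.rb or SCNR's introspector: DemoApp is a hypothetical reconstruction of MyApp#process_params, the trace collector uses Ruby's built-in TracePoint, and CGI.escapeHTML stands in for whatever encoding the real fix would use.

```ruby
require 'cgi'

# Taint marker, taken from the report's Seed line above.
TAINT = "<xss_1c018afc74e11d4cdda4bd1bcf2f980f/>"

# Constructed stand-in for the handler the report's traces walk through
# (MyApp#process_params): param values are joined and returned as the body
# without encoding. Hypothetical reconstruction, not the author's app.rb.
class DemoApp
  def noop; end

  # Vulnerable: untrusted param values flow unchanged into HTML element content.
  def process_params(params)
    noop
    params.values.join
  end

  # Hardened: HTML-encode each value before it reaches the body.
  def process_params_escaped(params)
    params.values.map { |v| CGI.escapeHTML(v) }.join
  end
end

# Only events owned by these classes are recorded (the app plus the core
# classes it calls), mirroring the Hash#values / Array#join entries above.
TRACED_CLASSES = [DemoApp, Hash, Array].freeze

# Collect an "Execution trace" and a "Data trace" for the given block the way
# an IAST introspector would, using Ruby's built-in TracePoint.
def introspect
  execution = []
  data      = []
  tp = TracePoint.new(:call, :return, :c_call, :c_return, :line) do |t|
    next unless TRACED_CLASSES.include?(t.defined_class)
    execution << "#{File.basename(t.path)}##{t.lineno} #{t.defined_class}##{t.method_id} #{t.event}"
    next unless t.event == :call
    # On entry to a Ruby method, snapshot its arguments: the "Data trace".
    args = t.parameters.map { |_, name| t.binding.local_variable_get(name) }
    data << { method: "#{t.defined_class}##{t.method_id}", args: args }
  end
  tp.enable { yield }
  { execution: execution, data: data }
end

# A trace only becomes a confirmed finding when the marker reaches the
# response body unencoded; an HTML-encoded marker means the sink is safe.
def marker_survives?(body, marker = TAINT)
  body.include?(marker)
end

if __FILE__ == $PROGRAM_NAME
  params = { "v" => "stuff#{TAINT}" }
  body   = nil
  traces = introspect { body = DemoApp.new.process_params(params) }
  traces[:execution].each_with_index { |e, i| puts "[#{i}] #{e}" }
  traces[:data].each { |d| puts "#{d[:method]} argument #0: #{d[:args].first.inspect}" }
  puts "vulnerable body tainted: #{marker_survives?(body)}"   # true
  puts "hardened body tainted:   #{marker_survives?(DemoApp.new.process_params_escaped(params))}" # false
end
```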
Cheers!