//START ATTACKS FOUND -------------------------------- /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/WebChess_0.9.0/mainmenu.php vulnerability at line:215 in /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/WebChess_0.9.0/chess.php Input: ToDo="NewUser" _CHESSUTILS="1" _fixOldPHPVersions="1" btnMainMenu=1 fromCol="1" fromRow="';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->">'>=&{}" isCheckMate="1" isInCheck="1" promotion="1" pwdPassword="1" rdoHistory="1" rdoTheme="1" requestDraw="1" requestUndo="1" resign="1" toCol="1" toRow="1" txtEmailNotification="1" txtFirstName="1" txtLastName="1" txtNick="1" txtReload="1" Possible XSS Injections in /home/jars/eclipse-workspace/ardilla/results/tmp1220581550840/mainmenu.php14929589091.xml alert(String.fromCharCode(88,83,83)) ">'> ="> alert(String.fromCharCode(88,83,83)) -------------------------------- /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/WebChess_0.9.0/mainmenu.php vulnerability at line:216 in /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/WebChess_0.9.0/chess.php Input: ToDo="NewUser" _CHESSUTILS="1" _fixOldPHPVersions="1" btnMainMenu=1 fromCol="';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->">'>=&{}" fromRow="1" isCheckMate="1" isInCheck="1" promotion="1" pwdPassword="1" rdoHistory="1" rdoTheme="1" requestDraw="1" requestUndo="1" resign="1" toCol="1" toRow="1" txtEmailNotification="1" txtFirstName="1" txtLastName="1" txtNick="1" txtReload="1" Possible XSS Injections in /home/jars/eclipse-workspace/ardilla/results/tmp1220581551464/mainmenu.php-20325226911.xml alert(String.fromCharCode(88,83,83)) ">'> ="> alert(String.fromCharCode(88,83,83)) -------------------------------- 
/home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/WebChess_0.9.0/mainmenu.php vulnerability at line:217 in /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/WebChess_0.9.0/chess.php Input: ToDo="NewUser" _CHESSUTILS="1" _fixOldPHPVersions="1" btnMainMenu=1 fromCol="1" fromRow="1" isCheckMate="1" isInCheck="1" promotion="1" pwdPassword="1" rdoHistory="1" rdoTheme="1" requestDraw="1" requestUndo="1" resign="1" toCol="1" toRow="';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->">'>=&{}" txtEmailNotification="1" txtFirstName="1" txtLastName="1" txtNick="1" txtReload="1" Possible XSS Injections in /home/jars/eclipse-workspace/ardilla/results/tmp1220581551957/mainmenu.php-19045960991.xml alert(String.fromCharCode(88,83,83)) ">'> ="> alert(String.fromCharCode(88,83,83)) /*transferboarddatatojavacripts*/varDEBUG=0;varCURRENTTHEME='1';varPAWN=1;varKNIGHT=2;varBISHOP=4;varROOK=8;varQUEEN=16;varKING=32;varBLACK=128;varWHITE=0;varCOLOR_MASK=127;varboard=newArray();board[0]=newArray();board[0][0]=0;board[0][1]=0;board[0][2]=0;board[0][3]=0;board[0][4]=0;board[0][5]=0;board[0][6]=0;board[0][7]=0;board[1]=newArray();board[1][0]=0;board[1][1]=0;board[1][2]=0;board[1][3]=0;board[1][4]=0;board[1][5]=0;board[1][6]=0;board[1][7]=0;board[2]=newArray();board[2][0]=0;board[2][1]=0;board[2][2]=0;board[2][3]=0;board[2][4]=0;board[2][5]=0;board[2][6]=0;board[2][7]=0;board[3]=newArray();board[3][0]=0;board[3][1]=0;board[3][2]=0;board[3][3]=0;board[3][4]=0;board[3][5]=0;board[3][6]=0;board[3][7]=0;board[4]=newArray();board[4][0]=0;board[4][1]=0;board[4][2]=0;board[4][3]=0;board[4][4]=0;board[4][5]=0;board[4][6]=0;board[4][7]=0;board[5]=newArray();board[5][0]=0;board[5][1]=0;board[5][2]=0;board[5][3]=0;board[5][4]=0;board[5][5]=0;board[5][6]=0;board[5][7]=0;board[6]=newArray();board[6][0]=0;board[6][1]=0;board[6][2]=0;board[6][3]=0;board[6][4]=0;board[
6][5]=0;board[6][6]=0;board[6][7]=0;board[7]=newArray();board[7][0]=0;board[7][1]=0;board[7][2]=0;board[7][3]=0;board[7][4]=0;board[7][5]=0;board[7][6]=0;board[7][7]=0;varnumMoves=-1;varerrMsg='';varCURPIECE=0;varCURCOLOR=1;varFROMROW=2;varFROMCOL=3;varTOROW=4;varTOCOL=5;varchessHistory=newArray();if(DEBUG)alert("Gameinitilizationcomplete!"); -------------------------------- /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/WebChess_0.9.0/mainmenu.php vulnerability at line:218 in /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/WebChess_0.9.0/chess.php Input: ToDo="NewUser" _CHESSUTILS="1" _fixOldPHPVersions="1" btnMainMenu=1 fromCol="1" fromRow="1" isCheckMate="1" isInCheck="1" promotion="1" pwdPassword="1" rdoHistory="1" rdoTheme="1" requestDraw="1" requestUndo="1" resign="1" toCol="';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->">'>=&{}" toRow="1" txtEmailNotification="1" txtFirstName="1" txtLastName="1" txtNick="1" txtReload="1" Possible XSS Injections in /home/jars/eclipse-workspace/ardilla/results/tmp1220581552474/mainmenu.php-13298558111.xml alert(String.fromCharCode(88,83,83)) ">'> ="> alert(String.fromCharCode(88,83,83)) 
/*transferboarddatatojavacripts*/varDEBUG=0;varCURRENTTHEME='1';varPAWN=1;varKNIGHT=2;varBISHOP=4;varROOK=8;varQUEEN=16;varKING=32;varBLACK=128;varWHITE=0;varCOLOR_MASK=127;varboard=newArray();board[0]=newArray();board[0][0]=0;board[0][1]=0;board[0][2]=0;board[0][3]=0;board[0][4]=0;board[0][5]=0;board[0][6]=0;board[0][7]=0;board[1]=newArray();board[1][0]=0;board[1][1]=0;board[1][2]=0;board[1][3]=0;board[1][4]=0;board[1][5]=0;board[1][6]=0;board[1][7]=0;board[2]=newArray();board[2][0]=0;board[2][1]=0;board[2][2]=0;board[2][3]=0;board[2][4]=0;board[2][5]=0;board[2][6]=0;board[2][7]=0;board[3]=newArray();board[3][0]=0;board[3][1]=0;board[3][2]=0;board[3][3]=0;board[3][4]=0;board[3][5]=0;board[3][6]=0;board[3][7]=0;board[4]=newArray();board[4][0]=0;board[4][1]=0;board[4][2]=0;board[4][3]=0;board[4][4]=0;board[4][5]=0;board[4][6]=0;board[4][7]=0;board[5]=newArray();board[5][0]=0;board[5][1]=0;board[5][2]=0;board[5][3]=0;board[5][4]=0;board[5][5]=0;board[5][6]=0;board[5][7]=0;board[6]=newArray();board[6][0]=0;board[6][1]=0;board[6][2]=0;board[6][3]=0;board[6][4]=0;board[6][5]=0;board[6][6]=0;board[6][7]=0;board[7]=newArray();board[7][0]=0;board[7][1]=0;board[7][2]=0;board[7][3]=0;board[7][4]=0;board[7][5]=0;board[7][6]=0;board[7][7]=0;varnumMoves=-1;varerrMsg='';varCURPIECE=0;varCURCOLOR=1;varFROMROW=2;varFROMCOL=3;varTOROW=4;varTOCOL=5;varchessHistory=newArray();if(DEBUG)alert("Gameinitilizationcomplete!"); -------------------------------- /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/WebChess_0.9.0/mainmenu.php vulnerability at line:81 in /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/WebChess_0.9.0/opponentspassword.php Input: ToDo="Login" _CHESSUTILS="1" _fixOldPHPVersions="1" btnMainMenu=2 gameID="';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->">'>=&{}" pwdPassword="VerboseP" txtNick="VerboseP" Possible XSS 
Injections in /home/jars/eclipse-workspace/ardilla/results/tmp1220581657564/mainmenu.php5706735831.xml alert(String.fromCharCode(88,83,83)) alert(String.fromCharCode(88,83,83)) ="type="hidden"/> ">'> -------------------------------- /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/WebChess_0.9.0/mainmenu.php vulnerability at line:87 in /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/WebChess_0.9.0/opponentspassword.php Input: ToDo="Login" _CHESSUTILS="1" _fixOldPHPVersions="1" btnMainMenu=2 gameID="';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->">'>=&{}" pwdPassword="VerboseP" txtNick="VerboseP" Possible XSS Injections in /home/jars/eclipse-workspace/ardilla/results/tmp1220581657920/mainmenu.php5706735831.xml alert(String.fromCharCode(88,83,83)) alert(String.fromCharCode(88,83,83)) ="type="hidden"/> ">'> -------------------------------- /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/WebChess_0.9.0/mainmenu.php vulnerability at line:88 in /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/WebChess_0.9.0/opponentspassword.php Input: ToDo="Login" _CHESSUTILS="1" _fixOldPHPVersions="1" btnMainMenu=2 gameID="';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->">'>=&{}" pwdPassword="VerboseP" txtNick="VerboseP" Possible XSS Injections in /home/jars/eclipse-workspace/ardilla/results/tmp1220581658249/mainmenu.php5706735831.xml alert(String.fromCharCode(88,83,83)) alert(String.fromCharCode(88,83,83)) ="type="hidden"/> ">'> -------------------------------- /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/WebChess_0.9.0/mainmenu.php vulnerability at line:89 in /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/WebChess_0.9.0/opponentspassword.php Input: 
ToDo="Login" _CHESSUTILS="1" _fixOldPHPVersions="1" btnMainMenu=2 gameID="';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->">'>=&{}" pwdPassword="VerboseP" txtNick="VerboseP" Possible XSS Injections in /home/jars/eclipse-workspace/ardilla/results/tmp1220581658561/mainmenu.php5706735831.xml alert(String.fromCharCode(88,83,83)) alert(String.fromCharCode(88,83,83)) ="type="hidden"/> ">'> -------------------------------- /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/WebChess_0.9.0/index.php vulnerability at line:60 in /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/WebChess_0.9.0/newuser.php Input: _fixOldPHPVersions="1" btnIndex=2 tmpNewUser="1" txtEmailNotification="1" txtFirstName="';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->">'>=&{}" txtLastName="1" Possible XSS Injections in /home/jars/eclipse-workspace/ardilla/results/tmp1220581896660/index.php-8450342081.xml alert(String.fromCharCode(88,83,83)) ">'> ="> alert(String.fromCharCode(88,83,83)) -------------------------------- /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/WebChess_0.9.0/index.php vulnerability at line:70 in /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/WebChess_0.9.0/newuser.php Input: _fixOldPHPVersions="1" btnIndex=2 tmpNewUser="1" txtEmailNotification="1" txtFirstName="1" txtLastName="';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->">'>=&{}" Possible XSS Injections in /home/jars/eclipse-workspace/ardilla/results/tmp1220581896933/index.php-8963497281.xml alert(String.fromCharCode(88,83,83)) ">'> ="> alert(String.fromCharCode(88,83,83)) -------------------------------- 
/home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/WebChess_0.9.0/index.php vulnerability at line:149 in /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/WebChess_0.9.0/newuser.php Input: _fixOldPHPVersions="1" btnIndex=2 tmpNewUser="1" txtEmailNotification="';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->">'>=&{}" txtFirstName="1" txtLastName="1" Possible XSS Injections in /home/jars/eclipse-workspace/ardilla/results/tmp1220581897224/index.php-14774066321.xml alert(String.fromCharCode(88,83,83)) ">'> ="> alert(String.fromCharCode(88,83,83)) -------------------------------- /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/WebChess_0.9.0/index.php vulnerability at line:45 in /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/WebChess_0.9.0/newuser.php Input: _fixOldPHPVersions="1" btnIndex=2 tmpNewUser="1" txtEmailNotification="1" txtFirstName="1" txtLastName="1" txtNick="';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->">'>=&{}" Possible XSS Injections in /home/jars/eclipse-workspace/ardilla/results/tmp1220581897629/index.php-4396522871.xml alert(String.fromCharCode(88,83,83)) -------------------------------- /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/WebChess_0.9.0/index.php vulnerability at line:142 in /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/WebChess_0.9.0/newuser.php Input: CFG_MINAUTORELOAD="';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->">'>=&{}" CFG_NEW_USERS_ALLOWED=1 CFG_USEEMAILNOTIFICATION="1" _CONFIG="1" _fixOldPHPVersions="1" btnIndex=2 tmpNewUser="1" txtFirstName="1" txtLastName="1" Possible XSS 
Injections in /home/jars/eclipse-workspace/ardilla/results/tmp1220581901795/index.php-9504417611.xml alert(String.fromCharCode(88,83,83)) ">'> =">(min:';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--> =secs) alert(String.fromCharCode(88,83,83))
//END ATTACKS FOUND
attacks:31
Timeout expired
------------------------------------------------
attack count:31 coveredEchos:39 coveredTaintedEchos:39 time:1800241