1

Topic: What is not pleasant?

here http://www.arachni-scanner.com/
I the ..., but ., (sm in the end ).
First, about CSRF:
Everything that goes to send.php has a ProtectFormKey. (Well, it is clear that it is checked in this script.)
On show.php (8) there is a UNIQUE unprotected form, the values from which influence only the output of certain data. To  no any relation has, the transmitted values are rigidly checked.
The file search.php does not exist at all yet.
In ulogin.php the PFK is checked too.
Here is the input form, the data from which is sent to ulogin.php:

<form name = "loginfrm" action = "/ulogin.php" method = "POST">
<b>
login:
</b>
</br>
<input type = "text" required = "" name = "login" size = "32" maxlength = "64">
</input>
</br>
<br>
</br>
<b>
password:
</b>
</br>
<input name = "upsw" required = "" type = "password" size = "32" maxlength = "255" value = "">
</input>
<br>
<br>
<input class = "send_but" type = "submit" value = "login">
</input>
<a href = "/reset.php">
Forgot the password?
</a>
<input type = "hidden" name = "pfk" value = "rLAnWqJC || 8535cb0dd37344705edf411fc3abc85f">
</input>
</form>

What does Arachni not like? I think that this is a false positive? Or...???
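One way to verify the claim in the post above that every form except the one on show.php carries the pfk field (an added example, not part of the thread and not Arachni's own check): parse a page and list the forms that have no non-empty hidden pfk input. The sample HTML, its token value and the show.php field name `id` are constructed.

```python
from html.parser import HTMLParser

TOKEN_FIELD = "pfk"  # hidden field name used by the login form in the post


class FormTokenAudit(HTMLParser):
    """Record each <form> and whether it has a non-empty hidden token input."""

    def __init__(self, token_field=TOKEN_FIELD):
        super().__init__()
        self.token_field = token_field
        self.forms = []       # one dict per form, in document order
        self._current = None  # form currently open, if any

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}  # valueless attrs arrive as None
        if tag == "form":
            self._current = {"action": a.get("action", ""),
                             "method": a.get("method", "get").upper(),
                             "has_token": False}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if (a.get("type", "").lower() == "hidden"
                    and a.get("name") == self.token_field
                    and a.get("value", "").strip()):
                self._current["has_token"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def audit_forms(html, token_field=TOKEN_FIELD):
    parser = FormTokenAudit(token_field)
    parser.feed(html)
    parser.close()
    return parser.forms


def unprotected(html, token_field=TOKEN_FIELD):
    """Actions of forms that lack the token field or carry it empty."""
    return [f["action"] for f in audit_forms(html, token_field) if not f["has_token"]]

# Constructed sample: token value and the show.php field name are made up.
SAMPLE = """
<form name="loginfrm" action="/ulogin.php" method="POST">
  <input type="text" required name="login">
  <input type="hidden" name="pfk" value="CONSTRUCTED-TOKEN-VALUE">
</form>
<form action="/show.php"><input type="text" name="id"></form>
"""
```

This only shows that the field is present in the markup; whether send.php or ulogin.php actually rejects a missing or wrong pfk has to be tested against the server.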

2

Re: What is not pleasant?

required = "" - already corrected.

3

Re: What is not pleasant?

That is, in my form it is without = ""