view release on metacpan or  search on metacpan

t/test1.xml  view on Meta::CPAN

  </issue>
  <issue>
    <serialNumber>4408084536896053248</serialNumber>
    <type>4195072</type>
    <name>Password field submitted using GET method</name>
    <host>http://192.168.163.128</host>
    <path><![CDATA[/beef/]]></path>
    <location><![CDATA[/beef/]]></location>
    <severity>Low</severity>
    <confidence>Certain</confidence>
    <issueBackground><![CDATA[The application uses the GET method to submit passwords, which are transmitted within the query string of the requested URL. Sensitive information within URLs may be logged in various locations, including the user's brow...
    <remediationBackground><![CDATA[All forms submitting passwords should use the POST method. To achieve this, you should specify the method attribute of the FORM tag as <b>method="POST"</b>. It may also be necessary to modify the corresponding serv...
    <issueDetail><![CDATA[The page contains a form with the following action URL, which is submitted using the GET method:<ul><li>http://192.168.163.128<wbr>/beef/</li></ul>The form contains the following password field:<ul><li>passwd</li></ul>]]></i...
    <requestresponse>
      <request><![CDATA[GET /beef/ HTTP/1.1
Host: 192.168.163.128
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7