WAS Findings in XML Report

Starting with version 3.1, findings in all WAS reports in XML format are Base64 encoded. Findings include vulnerability detections, information gathered and sensitive content.

Did you build clients using WAS version 3.0 or earlier? If yes, update your clients so that they decode the WAS findings data correctly.

Tell me about Base64 encoded findings

All findings reported for scans and web applications are Base64 encoded in XML reports. This includes:

- The actual contents of the response

- The evidence contents, when evidence in the response is highlighted

- Information gathered data

Elements carrying Base64 encoded data will usually have the attribute base64="true" set. For example:

<WasScanVuln>
    <qid>150001</qid>
    <title>
    <![CDATA[Reflected Cross-Site Scripting (XSS) Vulnerabilities]]>
    </title>
    <uri>
    <![CDATA[http://myuri.apps.com/613460625329/feed.gtl?uid=%22'%3E%3Cqss%20a%3DX157105156Y1Z%3E]]>
    </uri>
    <param>uid</param>
    <instances>
    <count>1</count>
    <list>
        <WasScanVulnInstance>
        <authenticated>false</authenticated>
        <payloads>
            <count>4</count>
            <list>
            <WasScanVulnPayload>
                <payload>
                <![CDATA[uid=%00%3Cscript%3E_q%3Drandom(X157105156Y1Z)%3C%2Fscript%3E]]>
                </payload>
                <result base64="true">
                <![CDATA[Cl9mZWVkKCgKCgpbCiI]]>
                </result>
            </WasScanVulnPayload>
            <WasScanVulnPayload>
                <payload>
                <![CDATA[uid=%22'%3E%3Cqss%20a%3DX157105156Y1Z%3E]]>
                </payload>
                <result base64="true">
                <![CDATA[Cl9mZWVkKCgKCgpbCiIiJyZndDsmbHQ7cXNzIGE9WDE1NzEwNTE1NlkxWiZndDsiCgpdCgoKCikpCg]]>
                </result>
            </WasScanVulnPayload>
            <WasScanVulnPayload>
                <payload>
                <![CDATA[uid=%00%3Cscript%3E_q%3Drandom(X157201836Y1Z)%3C%2Fscript%3E]]>
                </payload>
                <result base64="true">
                <![CDATA[Cl9mZWVkKCgKCgpbCiI]]>
                </result>
            </WasScanVulnPayload>
            <WasScanVulnPayload>
                <payload>
                <![CDATA[uid=%22'%3E%3Cqss%20a%3DX157201836Y1Z%3E]]>
                </payload>
                <result base64="true">
                <![CDATA[Cl9mZWVkKCgKCgpbCiIiJyZndDsmbHQ7cXNzIGE9WDE1NzIwMTgzNlkxWiZndDsiCgpdCgoKCikpCg]]>
                </result>
            </WasScanVulnPayload>
            </list>
        </payloads>
        </WasScanVulnInstance>
    </list>
    </instances>
</WasScanVuln>

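As an added example that is not part of this documentation, the following Python client decodes every base64="true" element in a report without depending on the report layout; the report text is constructed here from the samples on this page, and the element paths it reports are the ones listed below for the WasScan layout.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

# Constructed sample in the WasScan layout; both base64 values come from this page's samples.
SAMPLE_REPORT = """<WasScan>
  <vulns><list><WasScanVuln><qid>150001</qid><instances><list><WasScanVulnInstance>
    <payloads><list><WasScanVulnPayload>
      <payload><![CDATA[uid=%00%3Cscript%3E_q%3Drandom(X157105156Y1Z)%3C%2Fscript%3E]]></payload>
      <result base64="true"><![CDATA[Cl9mZWVkKCgKCgpbCiI]]></result>
    </WasScanVulnPayload></list></payloads>
  </WasScanVulnInstance></list></instances></WasScanVuln></list></vulns>
  <igs><list><WasScanIg><qid>6</qid>
    <data base64="true"><![CDATA[I3RhYmxlCklQX2FkZHJlc3MgSG9zdF9uYW1lCgoxMC4xMC4yNi43NyBmdW5reXR
vd24udnVsbi5xYS5xdWFseXMuY29tCg==]]></data>
  </WasScanIg></list></igs>
</WasScan>"""

def decode_base64_field(raw):
    """Decode one base64="true" value. Reports wrap long values across lines and
    some of the sample values lack '=' padding, so strip whitespace and re-pad."""
    compact = "".join(raw.split())
    compact += "=" * (-len(compact) % 4)
    try:
        return base64.b64decode(compact, validate=True).decode("utf-8", "replace")
    except binascii.Error as exc:
        raise ValueError(f"malformed base64 finding: {exc}") from exc

def finding_text(el):
    """Plain text of a finding element whether or not it is encoded. A client
    written against WAS 3.0 that skips the attribute check stores encoded text."""
    text = el.text or ""
    return decode_base64_field(text) if el.get("base64") == "true" else text

def decode_findings(xml_text):
    """Return (element path, decoded text) for every base64="true" element; one walk
    serves every layout on this page since only the attribute is inspected. Decoded
    values are raw HTTP responses holding the probe: html.escape before rendering."""
    root = ET.fromstring(xml_text)  # use defusedxml for reports from untrusted sources
    found = []
    def walk(el, path):
        here = f"{path}/{el.tag}" if path else el.tag
        if el.get("base64") == "true":
            found.append((here, finding_text(el)))
        for child in el:
            walk(child, here)
    walk(root, "")
    return found
```
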
WAS v3 Scan Results

Vulnerability and Sensitive Content findings

WasScan/vulns/list/WasScanVuln/instances/list/WasScanVulnInstance/payloads/list/WasScanVulnPayload/result

WasScan/sensitiveContents/list/WasScanSensitiveContent/instances/list/WasScanSensitiveContentInstance/payloads/list/WasScanSensitiveContentPayload/result

Sample WAS v3 Scan Results XML

<INFO>
    <QID>150044</QID>
    <TITLE>
        <![CDATA[Login Form Is Not Submitted Via HTTPS]]>
    </TITLE>
    <RESULT base64="true">
        <![CDATA[RGVmYXVsdCBmb3JtIGFjdGlvbiBkb2VzIG5vdCBzdWJtaXQgdmlhIFNTTDogaHR0cDovL2dvb2dsZS1ncnV5ZXJlLmFwcHNwb3QuY29tLzYxMzQ2MDYyNTMyOS9sb2dpbgo=]]>
    </RESULT>
</INFO>

Information Gathered findings

WasScan/igs/list/WasScanIg/data

Sample WAS v3 Scan Results XML

<VULNERABILITY>
    <ID>5943</ID>
    <QID>150001</QID>
    <URL>
        <![CDATA[http://myuri.apps.com/app/xss/0/1/0/xss.php?s='%20onEvent%3dX146470180Y1Z%20]]>
    </URL>
    <PARAM>
        <![CDATA[s]]>
    </PARAM>
    <AUTHENTICATION>Not Required</AUTHENTICATION>
    <STATUS>NEW</STATUS>
    <FIRST_TIME_DETECTED>2011-12-30T09:57:39Z</FIRST_TIME_DETECTED>
    <LAST_TIME_DETECTED>2011-12-30T09:57:39Z</LAST_TIME_DETECTED>
    <LAST_TIME_TESTED>2011-12-30T09:57:39Z</LAST_TIME_TESTED>
    <TIMES_DETECTED>1</TIMES_DETECTED>
    <PAYLOADS>
        <PAYLOAD>
            <NUM>1</NUM>
            <PAYLOAD>
                <![CDATA[s='%20onEvent%3dX146470180Y1Z%20]]>
            </PAYLOAD>
            <REQUEST/>
            <RESPONSE>
                <CONTENTS base64="true">
                    <![CDATA[...]]>
                </CONTENTS>
            </RESPONSE>
        </PAYLOAD>
    </PAYLOADS>
    <IGNORED>false</IGNORED>
</VULNERABILITY>

Vulnerability and Sensitive Content findings

WAS_WEBAPP_REPORT/RESULTS/WEB_APPLICATION/VULNERABILITY_LIST/VULNERABILITY/PAYLOADS/PAYLOAD/RESPONSE/CONTENTS

WAS_WEBAPP_REPORT/RESULTS/WEB_APPLICATION/SENSITIVE_CONTENT_LIST/SENSITIVE_CONTENT/PAYLOADS/PAYLOAD/RESPONSE/CONTENTS

WAS_WEBAPP_REPORT/RESULTS/WEB_APPLICATION/VULNERABILITY_LIST/VULNERABILITY/PAYLOADS/PAYLOAD/RESPONSE/EVIDENCE

WAS_WEBAPP_REPORT/RESULTS/WEB_APPLICATION/SENSITIVE_CONTENT_LIST/SENSITIVE_CONTENT/PAYLOADS/PAYLOAD/RESPONSE/EVIDENCE

Information Gathered findings

WAS_WEBAPP_REPORT/RESULTS/WEB_APPLICATION/INFORMATION_GATHERED_LIST/INFORMATION_GATHERED/DATA

<INFORMATION_GATHERED_LIST>
    <INFORMATION_GATHERED>
        <ID>1529</ID>
        <QID>6</QID>
        <FIRST_TIME_DETECTED>2011-12-30T09:57:39Z</FIRST_TIME_DETECTED>
        <LAST_TIME_DETECTED>2011-12-30T09:57:39Z</LAST_TIME_DETECTED>
        <LAST_TIME_TESTED>2011-12-30T09:57:39Z</LAST_TIME_TESTED>
        <DATA base64="true">
            <![CDATA[I3RhYmxlCklQX2FkZHJlc3MgSG9zdF9uYW1lCgoxMC4xMC4yNi43NyBmdW5reXRvd24udnVsbi5xYS5xdWFseXMuY29tCg==]]>
        </DATA>
    </INFORMATION_GATHERED>
    <INFORMATION_GATHERED>
        <ID>1532</ID>
        <QID>150031</QID>
        <FIRST_TIME_DETECTED>2011-12-30T09:57:39Z</FIRST_TIME_DETECTED>
        <LAST_TIME_DETECTED>2011-12-30T09:57:39Z</LAST_TIME_DETECTED>
        <LAST_TIME_TESTED>2011-12-30T09:57:39Z</LAST_TIME_TESTED>
        <DATA base64="true">
            <![CDATA[VGltZW91dCByZWFjaGVkIGluIElQQyBjb25uZWN0aW9uIHRvIFdlYktpdC4gSmF2YVNjcmlwdCBzdXBwb3J0IGRpc2FibGVkIGluOmVQaGFzZUNyYXdsCkNyYXdsIGNvbXBsZXRlZCB3aXRoIFdlYktpdC4K]]>
        </DATA>
    </INFORMATION_GATHERED>
</INFORMATION_GATHERED_LIST>

Vulnerability and Sensitive Content findings

WAS_SCAN_REPORT/RESULTS/VULNERABILITY_LIST/VULNERABILITY/PAYLOADS/PAYLOAD/RESPONSE/CONTENTS

WAS_SCAN_REPORT/RESULTS/SENSITIVE_CONTENT_LIST/SENSITIVE_CONTENT/PAYLOADS/PAYLOAD/RESPONSE/CONTENTS

WAS_SCAN_REPORT/RESULTS/VULNERABILITY_LIST/VULNERABILITY/PAYLOADS/PAYLOAD/RESPONSE/EVIDENCE

WAS_SCAN_REPORT/RESULTS/SENSITIVE_CONTENT_LIST/SENSITIVE_CONTENT/PAYLOADS/PAYLOAD/RESPONSE/EVIDENCE

Information Gathered findings

WAS_SCAN_REPORT/RESULTS/INFORMATION_GATHERED_LIST/INFORMATION_GATHERED/DATA