Nmap Development mailing list archives
[NSE] http-dombased-xss.nse
From: George Chatzisofroniou <sophron () latthi com>
Date: Fri, 26 Jul 2013 04:22:02 +0300
The attached script tries to detect DOM-based XSS by using some patterns. DOM-based XSS occurs in client-side JavaScript, so this script basically greps every page for common traces. You can read more about DOM-based XSS here [1].

The script, by default, will crawl the target website. Otherwise, you can limit the pages to grep with the singlepages option. Here's an example of usage:

    ./nmap -p80 -n -Pn --script http-dombased-xss.nse --script-args 'http-dombased-xss.singlepages={/foo}' some-very-random-page.com -d1

The output looks like this:

    PORT   STATE SERVICE REASON
    80/tcp open  http    syn-ack
    | http-dombased-xss:
    |   Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=some-very-random-page.com
    |   Found the following indications of potential DOM based XSS:
    |
    |     Source: document.write(document.URL.substring(pos,document.URL.length)
    |     Pages: http://some-very-random-page.com:80/, http://some-very-random-page.com/foo.html
    |
    |     Source: document.write("<OPTION value=1>"+document.location.href.substring(document.location.href.indexOf("default=")
    |_    Pages: http://some-very-random-page.com/foo.html

Please note that the script may generate some false positives. Don't take everything in the output as a vulnerability if you don't review it first.

Any comments are welcome,

-- 
George Chatzisofroniou
Attachment: http-dombased-xss.nse
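As an added illustration of the grep-style approach the post describes (this is not the NSE script and not code from its author): a small Python scanner over constructed sample pages. It flags JavaScript statements in which an attacker-controllable DOM source (document.URL, document.location.href, location.search, ...) appears in the same statement as an HTML- or code-evaluating sink (document.write, innerHTML, eval, ...), groups each indicator by the pages it was seen on the way the script's output does, and keeps source-only reads in a separate low-confidence bucket to show where the false positives the post warns about come from. The page URLs, the page bodies and the source/sink pattern lists are all assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample pages (no real hosts). The bodies imitate the
# indicators quoted in the post plus a benign control page.
SAMPLE_PAGES = {
    "http://example.test/": """
<html><body>
<script>
var pos = document.URL.indexOf("name=") + 5;
document.write(document.URL.substring(pos, document.URL.length));
</script>
</body></html>""",
    "http://example.test/foo.html": """
<html><body>
<script>
var pos = document.URL.indexOf("name=") + 5;
document.write(document.URL.substring(pos, document.URL.length));
document.write("<OPTION value=1>" + document.location.href.substring(document.location.href.indexOf("default=") + 8) + "</OPTION>");
var q = location.search;
document.getElementById("out").textContent = q;
</script>
</body></html>""",
    "http://example.test/safe.html": """
<html><body><script>console.log("static page");</script></body></html>""",
}

# Assumed pattern lists: attacker-influenced DOM sources and sinks that
# render markup or evaluate code. Comparisons (==) are excluded from
# the assignment sinks to cut obvious noise.
SOURCES = [
    r"document\.URL", r"document\.documentURI", r"document\.location",
    r"document\.referrer", r"location\.href", r"location\.search",
    r"location\.hash", r"window\.name",
]
SINKS = [
    r"document\.write(ln)?\s*\(", r"\.innerHTML\s*\+?=(?!=)",
    r"\.outerHTML\s*\+?=(?!=)", r"\beval\s*\(", r"\bsetTimeout\s*\(",
    r"\bsetInterval\s*\(", r"\.insertAdjacentHTML\s*\(",
    r"\blocation(\.href)?\s*=(?!=)",
]
SOURCE_RE = re.compile("|".join(SOURCES))
SINK_RE = re.compile("|".join(SINKS))
SCRIPT_RE = re.compile(r"<script[^>]*>(.*?)</script>", re.IGNORECASE | re.DOTALL)


def script_statements(html):
    """Yield whitespace-normalised JS statements (split on ';') from
    every inline <script> block in the page."""
    for block in SCRIPT_RE.findall(html):
        for stmt in block.split(";"):
            stmt = " ".join(stmt.split())
            if stmt:
                yield stmt


def find_indicators(html):
    """Return (high, low): statements where a source feeds a sink on the
    same statement, and statements that only read a source (likely noise
    unless the value flows into a sink elsewhere)."""
    high, low = [], []
    for stmt in script_statements(html):
        has_source = SOURCE_RE.search(stmt) is not None
        has_sink = SINK_RE.search(stmt) is not None
        if has_source and has_sink:
            high.append(stmt)
        elif has_source:
            low.append(stmt)
    return high, low


def scan(pages):
    """Map each high-confidence indicator to the sorted list of pages it
    appears on, mirroring the grouped 'Source: / Pages:' output."""
    by_indicator = defaultdict(set)
    for url, html in pages.items():
        high, _ = find_indicators(html)
        for stmt in high:
            by_indicator[stmt].add(url)
    return {stmt: sorted(urls) for stmt, urls in by_indicator.items()}


if __name__ == "__main__":
    for indicator, urls in scan(SAMPLE_PAGES).items():
        print("Source:", indicator)
        print("Pages:", ", ".join(urls))
        print()
```

The single-statement co-occurrence rule is deliberately crude: it misses a source stored in a variable and written to a sink several lines later, and it still flags code that sanitises the value before the sink. That is the same trade-off the post's grep approach makes, which is why every hit needs a manual review of the surrounding JavaScript.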