Nmap Development mailing list archives
[NSE] http-xssed.nse
From: George Chatzisofroniou <sophron () latthi com>
Date: Sat, 6 Jul 2013 04:24:27 +0300
The attached script searches the xssed.com database for any previously reported XSS vulnerabilities about the target and parses any results. xssed.com is the largest online archive of XSS vulnerable websites. Right now it contains about 45600 entries. The script never interacts with the target and it's pretty use to use (there are no arguments). The output looks like this: PORT STATE SERVICE REASON 80/tcp open http syn-ack | http-xssed: | xssed.com found the following previously reported XSS vulnerabilities marked as unfixed: | | /redirect/links.aspx?page=http://xssed.com | | /derefer.php?url=http://xssed.com/ | | xssed.com found the following previously reported XSS vulnerabilities marked as fixed: | |_ /myBook/myregion.php?targetUrl=javascript:alert(1); -- George Chatzisofroniou
Attachment:
http-xssed.nse
Description:
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] http-xssed.nse George Chatzisofroniou (Jul 05)
- Re: [NSE] http-xssed.nse George Chatzisofroniou (Jul 18)