Nmap Development mailing list archives

[NSE] http-xssed.nse


From: George Chatzisofroniou <sophron () latthi com>
Date: Sat, 6 Jul 2013 04:24:27 +0300

The attached script searches the xssed.com database for any previously reported
XSS vulnerabilities about the target and parses any results. 

xssed.com is the largest online archive of XSS vulnerable websites. Right now it
contains about 45600 entries.

The script never interacts with the target and it's pretty easy to use (there are
no arguments).

The output looks like this:

 PORT   STATE SERVICE REASON
 80/tcp open  http    syn-ack
 | http-xssed: 
 |   xssed.com found the following previously reported XSS vulnerabilities marked as unfixed:
 |   
 |     /redirect/links.aspx?page=http://xssed.com
 |
 |     /derefer.php?url=http://xssed.com/
 |
 |   xssed.com found the following previously reported XSS vulnerabilities marked as fixed:
 |
 |_    /myBook/myregion.php?targetUrl=javascript:alert(1);

-- 
George Chatzisofroniou

Attachment: http-xssed.nse

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
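
An added example, not part of the original message or the attached script: a Python parser for the output format shown above that splits the reported paths into unfixed and fixed per port, so the unfixed entries can be queued for remediation. The function name and the returned dictionary layout are assumptions of this example.

```python
import re

# Sample input: the output block quoted in the message above.
SAMPLE = """\
PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack
| http-xssed:
|   xssed.com found the following previously reported XSS vulnerabilities marked as unfixed:
|
|     /redirect/links.aspx?page=http://xssed.com
|
|     /derefer.php?url=http://xssed.com/
|
|   xssed.com found the following previously reported XSS vulnerabilities marked as fixed:
|
|_    /myBook/myregion.php?targetUrl=javascript:alert(1);
"""

PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+\S+")             # e.g. "80/tcp open ..."
HEADER_RE = re.compile(r"marked as (unfixed|fixed):\s*$")   # section header lines

def parse_http_xssed(text):
    """Return {port: {"unfixed": [...], "fixed": [...]}} from Nmap normal output."""
    results, port, in_script, status = {}, None, False, None
    for raw in text.splitlines():
        line = raw.strip()
        m = PORT_RE.match(line)
        if m:  # a new port row ends any script block in progress
            port, in_script, status = f"{m.group(1)}/{m.group(2)}", False, None
            continue
        if not line.startswith("|"):
            in_script = False
            continue
        last = line.startswith("|_")  # "|_" marks the final line of a script block
        body = line[2:].strip() if last else line[1:].strip()
        if body.startswith("http-xssed:"):
            in_script = True
            results.setdefault(port, {"unfixed": [], "fixed": []})
        elif in_script:
            h = HEADER_RE.search(body)
            if h:
                status = h.group(1)
            elif body and status:  # non-empty line under a header is a reported path
                results[port][status].append(body)
        if last:
            in_script, status = False, None
    return results
```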
