Nmap Development mailing list archives
[NSE] New script http-unsafe-output-encoding
From: Martin Holst Swende <martin () swende se>
Date: Sun, 11 Dec 2011 21:56:07 +0100
On 12/11/2011 08:52 PM, Patrik Karlsson wrote:
> Hi list, I just committed a new script called http-grep. It does pretty much what the name suggests and enables you to search for patterns within spidered web pages. I've included a few example usages and their responses, but the script can obviously be used for a lot more:
You're on fire! I also threw together a script, based on an old tool I wrote a long time ago and which serves me very well (https://bitbucket.org/holiman/jinx). I basically ported it to nmap using the new spider. What it does is:

- Checks if a spidered page contained parameters (x=foobar&y=gazonk&z=funzip)
- If so, checks if any of these were reflected on the page (e.g., "foobar" and "funzip" were found)
- If N reflections were found, creates N new urls:
  - x=foobar<payload>&y=gazonk&z=funzip
  - x=foobar&y=gazonk&z=funzip<payload>
  - The payload is this: ghz>hzx"zxc'xcv
- For each of these N new links, it fetches the content. In the content, it checks if any of the "dangerous" characters were reflected without proper html-encoding. If any such things are found, chances are high this page is vulnerable to reflected XSS.

Regards,
Martin
Attachment: http-unsafe-output-encoding.nse
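The reflection and output-encoding check Martin describes above, written out as an added Python example; this is not the attached NSE script or any code from the jinx tool. The URL and the response bodies are constructed samples, and the entity forms accepted as "encoded" are an assumption about what a correctly escaping server would emit.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlparse, urlunparse

# Probe string from the post: alphanumeric tokens separated by the characters
# that must be HTML-encoded wherever user input is reflected.
PAYLOAD = "ghz>hzx\"zxc'xcv"
# Entity forms counted as "properly encoded" (assumed set, named and numeric).
ENCODINGS = {
    ">": ("&gt;", "&#62;", "&#x3e;"),
    '"': ("&quot;", "&#34;", "&#x22;"),
    "'": ("&#39;", "&#x27;", "&apos;"),
}

def reflected_params(url, body):
    """Names of query parameters whose values are echoed verbatim in the body."""
    return [n for n, v in parse_qsl(urlparse(url).query) if v and v in body]

def probe_urls(url, names, payload=PAYLOAD):
    """One URL per reflected parameter, payload appended to that parameter only."""
    parts = urlparse(url)
    params = parse_qsl(parts.query)
    urls = []
    for target in names:
        mutated = [(n, v + payload if n == target else v) for n, v in params]
        urls.append(urlunparse(parts._replace(query=urlencode(mutated))))
    return urls

def classify_reflection(body, payload=PAYLOAD):
    """For each dangerous character in the payload, report whether the response
    reflected it 'raw' (unencoded), 'encoded', or 'absent' (stripped/filtered)."""
    tokens = re.split(r"[^A-Za-z0-9]", payload)    # ["ghz", "hzx", "zxc", "xcv"]
    chars = re.findall(r"[^A-Za-z0-9]", payload)   # [">", '"', "'"]
    result = {}
    for left, ch, right in zip(tokens, chars, tokens[1:]):
        if left + ch + right in body:
            result[ch] = "raw"
        elif any(left + enc + right in body for enc in ENCODINGS[ch]):
            result[ch] = "encoded"
        else:
            result[ch] = "absent"
    return result

def is_unsafe(body, payload=PAYLOAD):
    """True if any dangerous character came back unencoded (likely reflected XSS)."""
    return any(state == "raw" for state in classify_reflection(body, payload).values())

# Constructed samples: "x" and "z" are reflected, "y" is not.
SAMPLE_URL = "http://example.test/search?x=foobar&y=gazonk&z=funzip"
SAMPLE_BODY = '<p>Results for foobar</p><input value="funzip">'
UNSAFE_BODY = "<p>Results for foobarghz>hzx\"zxc'xcv</p>"            # nothing encoded
SAFE_BODY = '<input value="funzipghz&gt;hzx&quot;zxc&#39;xcv">'        # all encoded
MIXED_BODY = "<p>ghz&gt;hzx&quot;zxc'xcv</p>"                          # single quote missed
```

The MIXED_BODY case is the one worth watching for: escaping that handles `<`, `>` and `"` but leaves `'` raw still fails inside a single-quoted attribute.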