Home page logo
/

nmap-dev logo Nmap Development mailing list archives

http-phpself-xss
From: Paulino Calderon <paulino () calderonpale com>
Date: Sun, 29 May 2011 03:04:39 -0700

Hi everyone,

I'm attaching my script 'http-phpself-xss', this script detects php files vulnerable to Phpself Cross Site Scripting(*) in a web server.

First, the script crawls the webserver to list all php files and then it sends an attack probe to identify all vulnerable scripts.

Feel free to test this script against my dummy app -> http://calder0n.com/sillyapp/

(*) Phpself Cross Site Scripting vulnerabilities refers to cross site scripting vulnerabilities caused by the lack of sanitation of the variable $_SERVER["PHP_SELF"] in PHP scripts/web applications.

Cheers.

--
Paulino Calderón Pale
Web: http://calderonpale.com
Twitter: @paulinocaIderon

Attachment: http-phpself-xss.nse
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]