mailing list archives
From: Paulino Calderon <paulino () calderonpale com>
Date: Sun, 29 May 2011 03:04:39 -0700
I'm attaching my script 'http-phpself-xss', this script detects php
files vulnerable to Phpself Cross Site Scripting(*) in a web server.
First, the script crawls the webserver to list all php files and then it
sends an attack probe to identify all vulnerable scripts.
Feel free to test this script against my dummy app ->
(*) Phpself Cross Site Scripting vulnerabilities refers to cross site
scripting vulnerabilities caused by the lack of sanitation of the
variable $_SERVER["PHP_SELF"] in PHP scripts/web applications.
Paulino Calderón Pale
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/
- http-phpself-xss Paulino Calderon (May 29)