Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: http-phpself-xss
From: "Hans Nilsson" <hasse_gg () ftml net>
Date: Mon, 30 May 2011 02:07:20 -1100

What about when only certain variables are vulnerable?

For example
example.com/test.php?<script>alert(1)</script>
may not work when 
example.com/test.php?data=<script>alert(1)</script>
works.

Or what about if only POST-data is vulnerable?

/Hans


On Sun, 29 May 2011 03:04 -0700, "Paulino Calderon"
<paulino () calderonpale com> wrote:
Hi everyone,

I'm attaching my script 'http-phpself-xss', this script detects php 
files vulnerable to Phpself Cross Site Scripting(*) in a web server.

First, the script crawls the webserver to list all php files and then it 
sends an attack probe to identify all vulnerable scripts.

Feel free to test this script against my dummy app -> 
http://calder0n.com/sillyapp/

(*) Phpself Cross Site Scripting vulnerabilities refers to cross site 
scripting vulnerabilities caused by the lack of sanitation of the 
variable $_SERVER["PHP_SELF"] in PHP scripts/web applications.

Cheers.

-- 
Paulino Calderón Pale
Web: http://calderonpale.com
Twitter: @paulinocaIderon


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Email had 1 attachment:
+ http-phpself-xss.nse
  12k (text/plain)
-- 
  Hans Nilsson
  hasse_gg () ftml net

-- 
http://www.fastmail.fm - A no graphics, no pop-ups email service

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault