Nmap Development mailing list archives

[NSE] New script http-unsafe-output-encoding
From: Martin Holst Swende <martin () swende se>
Date: Sun, 11 Dec 2011 21:56:07 +0100

On 12/11/2011 08:52 PM, Patrik Karlsson wrote:
Hi list,

I just committed a new script called http-grep. It does pretty much what
the name suggests and enables you to search for patterns within spidered
web pages.
I've included a few example usages and their responses, but the script can
obviously be used for a lot more:
You're on fire!

I also threw together a script, based on an old tool I wrote a long time
ago and which serves me very well (https://bitbucket.org/holiman/jinx)

I basically ported it to nmap using the new spider. What it does is:
- Checks if a spidered page contained parameters
(x=foobar&y=gazonk&z=funzip)
- If so, checks if any of these were reflected on the page (e.g.,
"foobar" and "funzip" were found)
- If N reflections were found, creates N new urls:
    -- x=foobar<payload>&y=gazonk&z=funzip
    -- x=foobar&y=gazonk&z=funzip<payload>
    -- The payload is this: ghz>hzx"zxc'xcv
- For each of these N new links, it fetches the content. In the content,
it checks if any of the "dangerous" characters were reflected without
proper html-encoding.

If any such things are found, chances are high this page is vulnerable
to reflected XSS.

Regards,
Martin

Attachment: http-unsafe-output-encoding.nse
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
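The check Martin describes, as an added example in Python (not the attached NSE script or the jinx tool): it finds reflected parameters, builds one probe URL per reflection using the payload from the post, and reports which of the dangerous characters came back without HTML encoding. The `fake_fetch` responder and the example URL are constructed stand-ins for a real spidered page.

```python
"""Unsafe-output-encoding check modelled on the algorithm in the post."""
import html
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

PAYLOAD = "ghz>hzx\"zxc'xcv"  # marker string from the post
# (prefix, dangerous char, suffix): a verbatim match in the response means
# the character was reflected raw; an encoded form (&gt;, &quot;) won't match.
MARKERS = [("ghz", ">", "hzx"), ("hzx", '"', "zxc"), ("zxc", "'", "xcv")]

def reflected_params(url, body):
    """Names of query parameters whose values appear verbatim in body."""
    qs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    return [k for k, v in qs if v and v in body]

def probe_urls(url, names):
    """One new URL per reflected parameter, payload appended to its value."""
    parts = urlsplit(url)
    qs = parse_qsl(parts.query, keep_blank_values=True)
    out = []
    for name in names:
        mutated = [(k, v + PAYLOAD if k == name else v) for k, v in qs]
        out.append(urlunsplit(parts._replace(query=urlencode(mutated))))
    return out

def unencoded_chars(body):
    """Dangerous characters that came back without HTML encoding."""
    return [c for pre, c, suf in MARKERS if pre + c + suf in body]

def scan(url, fetch):
    """Full check; fetch(url) returns a body. Maps probe URL -> raw chars."""
    names = reflected_params(url, fetch(url))
    findings = {}
    for purl in probe_urls(url, names):
        bad = unencoded_chars(fetch(purl))
        if bad:
            findings[purl] = bad
    return findings

# Constructed stand-in for a server: echoes x and z, but only escapes x.
def fake_fetch(url):
    q = dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))
    return f"<p>{html.escape(q.get('x', ''))}</p><p>{q.get('z', '')}</p>"

if __name__ == "__main__":
    start = "http://example.test/?x=foobar&y=gazonk&z=funzip"  # constructed
    for u, chars in scan(start, fake_fetch).items():
        print(u, "reflects", chars, "unencoded")
```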
