Home page logo
/

nmap-dev logo Nmap Development mailing list archives

[NSE] http-dombased-xss.nse
From: George Chatzisofroniou <sophron () latthi com>
Date: Fri, 26 Jul 2013 04:22:02 +0300

The attached script tries to detect DOM-based XSS by using some patterns.
DOM-based XSS occur in client-side JavaScript so this script basically greps
every page for common traces. You can read more about DOM-based XSS here [1].

The script, by default, will crawl the target website. Otherwise, you can limit
the pages to grep with the singlepages option.

Here's an example of usage:

./nmap -p80 -n -Pn --script http-dombased-xss.nse --script-args 'http-dombased-xss.singlepages={/foo}' 
some-very-random-page.com -d1

The output looks like this:

 PORT   STATE SERVICE REASON
 80/tcp open  http    syn-ack
 | http-dombased-xss: 
 | Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=some-very-random-page.com
 |   Found the following indications of potential DOM based XSS: 
 |     
 |     Source: document.write(document.URL.substring(pos,document.URL.length)
 |     Pages: http://some-very-random-page.com:80/, http://some-very-random-page.com/foo.html
 |     
 |     Source: document.write("<OPTION 
value=1>"+document.location.href.substring(document.location.href.indexOf("default=")
 |_    Pages: http://some-very-random-page.com/foo.html

Please note, that the script may generate some false positives. Don't take
everything in the output as a vulnerability, if you don't review it first.

Any comments are welcome,

-- 
George Chatzisofroniou

Attachment: http-dombased-xss.nse
Description:

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]