Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [NSE] http-dombased-xss.nse
From: George Chatzisofroniou <sophron () latthi com>
Date: Fri, 9 Aug 2013 22:09:30 +0300

On Wed, Aug 07, 2013 at 04:29:56PM -0700, David Fifield wrote:
The script seems pretty clear to me. I think it could use some more
references and a fuller description of what the script is doing in the
description. It looks for places where attacker-controlled information
in the DOM may be used to affect JavaScript execution in certain ways.

I updated the description and added a couple of references.

This link appears to have some additional patterns to check for:
https://code.google.com/p/domxsswiki/wiki/LocationSources

Thanks. I added them.

-- 
George Chatzisofroniou
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]