Nmap Development mailing list archives

Re: [NSE] http-dombased-xss.nse

From: George Chatzisofroniou <sophron () latthi com>
Date: Fri, 9 Aug 2013 22:09:30 +0300

On Wed, Aug 07, 2013 at 04:29:56PM -0700, David Fifield wrote:

The script seems pretty clear to me. I think it could use some more
references and a fuller description of what the script is doing in the
description. It looks for places where attacker-controlled information
in the DOM may be used to affect JavaScript execution in certain ways.


I updated the description and added a couple of references.

This link appears to have some additional patterns to check for:
https://code.google.com/p/domxsswiki/wiki/LocationSources


Thanks. I added them.

-- 
George Chatzisofroniou
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

Current thread:

[NSE] http-dombased-xss.nse George Chatzisofroniou (Jul 25)
- Re: [NSE] http-dombased-xss.nse George Chatzisofroniou (Jul 25)
- Re: [NSE] http-dombased-xss.nse David Fifield (Aug 07)
  - Re: [NSE] http-dombased-xss.nse George Chatzisofroniou (Aug 09)
- Re: [NSE] http-dombased-xss.nse George Chatzisofroniou (Aug 10)