Nmap Development mailing list archives

Re: http-phpself-xss


From: "Hans Nilsson" <hasse_gg () ftml net>
Date: Mon, 30 May 2011 02:07:20 -1100

What about when only certain variables are vulnerable?

For example
example.com/test.php?<script>alert(1)</script>
may not work when 
example.com/test.php?data=<script>alert(1)</script>
works.

Or what about if only POST-data is vulnerable?

/Hans


On Sun, 29 May 2011 03:04 -0700, "Paulino Calderon"
<paulino () calderonpale com> wrote:
Hi everyone,

I'm attaching my script 'http-phpself-xss'. This script detects PHP 
files vulnerable to Phpself Cross Site Scripting (*) in a web server.

First, the script crawls the webserver to list all php files and then it 
sends an attack probe to identify all vulnerable scripts.

Feel free to test this script against my dummy app -> 
http://calder0n.com/sillyapp/

(*) Phpself Cross Site Scripting vulnerabilities refer to cross site 
scripting vulnerabilities caused by the lack of sanitization of the 
variable $_SERVER["PHP_SELF"] in PHP scripts/web applications.

Cheers.

-- 
Paulino Calderón Pale
Web: http://calderonpale.com
Twitter: @paulinocaIderon


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Email had 1 attachment:
+ http-phpself-xss.nse
  12k (text/plain)
-- 
  Hans Nilsson
  hasse_gg () ftml net
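
The pattern described in the footnote of the quoted message, shown from the defender's side as an added example (it is not part of the thread and not code from http-phpself-xss.nse): a form action built from the raw $_SERVER["PHP_SELF"] value next to two hardened forms. The function names, the /test.php path and the $server array (a constructed stand-in for $_SERVER so the file runs from the PHP command line) are assumptions.

```php
<?php
// PHP fills $_SERVER['PHP_SELF'] from the request path, including any extra
// path text that follows the script name, so it is client-controlled input.

// Vulnerable: the raw value is written straight into an HTML attribute.
function form_vulnerable(array $server): string
{
    return '<form method="post" action="' . $server['PHP_SELF'] . '">';
}

// Hardened: encode for the HTML attribute context at the point of output.
function form_escaped(array $server): string
{
    $action = htmlspecialchars($server['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="' . $action . '">';
}

// Hardened alternative: SCRIPT_NAME carries only the script path, without the
// trailing path text. It is still encoded on output.
function form_script_name(array $server): string
{
    $action = htmlspecialchars($server['SCRIPT_NAME'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="' . $action . '">';
}

// Constructed request state (sample data, not captured traffic): the script
// is /test.php and the request path continues after the script name.
$server = [
    'SCRIPT_NAME' => '/test.php',
    'PHP_SELF'    => '/test.php/"><script>alert(1)</script>',
];

foreach (['form_vulnerable', 'form_escaped', 'form_script_name'] as $render) {
    $html = $render($server);
    // A literal <script> tag in the output means the markup survived unencoded.
    $state = strpos($html, '<script>') !== false
        ? 'markup reaches the page'
        : 'markup neutralised';
    printf("%-18s %s\n    %s\n", $render, $state, $html);
}
```

This covers only output built from PHP_SELF; values echoed from GET or POST parameters need the same encoding at their own output points.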
