Nmap Development mailing list archives
Re: [NSE] New script http-unsafe-output-encoding
From: Patrik Karlsson <patrik () cqure net>
Date: Thu, 15 Dec 2011 07:20:39 +0100
On Sun, Dec 11, 2011 at 9:56 PM, Martin Holst Swende <martin () swende se> wrote:

> On 12/11/2011 08:52 PM, Patrik Karlsson wrote:
>> Hi list,
>> I just committed a new script called http-grep. It does pretty much what the name suggests and enables you to search for patterns within spidered web pages. I've included a few example usages and their responses, but the script can obviously be used for a lot more:
>
> You're on fire! I also threw together a script, based on an old tool I wrote a long time ago and which serves me very well (https://bitbucket.org/holiman/jinx). I basically ported it to nmap using the new spider. What it does is:
>
> - Checks if a spidered page contained parameters (x=foobar&y=gazonk&z=funzip)
> - If so, checks if any of these were reflected on the page (e.g., "foobar" and "funzip" were found)
> - If N reflections were found, creates N new urls:
>   -- x=foobar<payload>&y=gazonk&z=funzip
>   -- x=foobar&y=gazonk&z=funzip<payload>
>   -- The payload is this: ghz>hzx"zxc'xcv
> - For each of these N new links, it fetches the content. In the content, it checks if any of the "dangerous" characters were reflected without proper html-encoding. If any such things are found, chances are high this page is vulnerable to reflected XSS.
>
> Regards,
> Martin
Thanks for the contribution Martin! I've renamed the script to http-unsafe-output-escaping and made some minor cleanup. It's committed as r27488.

Cheers,
Patrik

--
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
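The check Martin describes above, written out as an added Python illustration (this is not code from the thread, from jinx, or from the nmap script): find which query parameters are echoed into a page, build one probe URL per reflected parameter with the `ghz>hzx"zxc'xcv` marker appended, and then decide from the response whether each HTML-significant character came back raw or encoded. The URL, the sample page body and the three `render_*` functions standing in for an application's output code are constructed here; nothing is fetched over the network, so it runs offline.

```python
import html
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# The marker string quoted in Martin's mail: each HTML-significant character
# sits between letter runs that are unlikely to occur in a page by accident.
PROBE = "ghz>hzx\"zxc'xcv"
DANGEROUS = (">", '"', "'")


def reflected_params(url, body):
    """Names of query parameters whose values appear verbatim in the page body."""
    query = urlsplit(url).query
    return [name for name, value in parse_qsl(query) if value and value in body]


def probe_urls(url, body, payload=PROBE):
    """One URL per reflected parameter, with the probe appended to that value
    only, mirroring the x=foobar<payload>&y=gazonk&z=funzip construction."""
    parts = urlsplit(url)
    params = parse_qsl(parts.query)
    urls = []
    for target in reflected_params(url, body):
        mutated = [(n, v + payload if n == target else v) for n, v in params]
        # urlencode percent-encodes the probe so the URL itself stays valid.
        urls.append(urlunsplit(parts._replace(query=urlencode(mutated))))
    return urls


def unescaped_reflections(body, probe=PROBE):
    """Dangerous characters from the probe that the page echoed back without
    HTML encoding. Each such character is sampled with three letters on either
    side, so 'ghz>hzx' in the body means '>' came back raw, whereas an encoded
    reflection reads 'ghz&gt;hzx' and does not match."""
    raw = []
    for i, ch in enumerate(probe):
        if ch in DANGEROUS and probe[max(0, i - 3):i + 4] in body:
            raw.append(ch)
    return raw


# Constructed stand-ins for server-side templates with different escaping.
def render_unsafe(q):
    """No encoding at all: every probe character is reflected raw."""
    return f"<p>Results for {q}</p>"


def render_tags_only(q):
    """Only angle brackets encoded; in an attribute context the quotes still
    break out of the value, which is the partial-encoding case worth catching."""
    return '<input value="%s">' % q.replace("<", "&lt;").replace(">", "&gt;")


def render_safe(q):
    """Full HTML escaping including both quote styles."""
    return f"<p>Results for {html.escape(q, quote=True)}</p>"


if __name__ == "__main__":
    url = "http://app.example/search?x=foobar&y=gazonk&z=funzip"  # constructed
    body = "<p>you searched for foobar in funzip</p>"               # constructed
    print("reflected:", reflected_params(url, body))
    for u in probe_urls(url, body):
        print("probe url:", u)
    for name, render in (("unsafe", render_unsafe),
                         ("tags-only", render_tags_only),
                         ("safe", render_safe)):
        print(f"{name:9s} raw characters: {unescaped_reflections(render(PROBE))}")
```

The three-character context on either side of each probe character is what keeps the check honest: a page that happens to contain a stray `>` elsewhere does not produce a finding, and a page that encodes `<` and `>` but leaves quotes alone is still reported, since quote characters are enough to escape an attribute value.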
Current thread:
- [NSE] New script http-grep Patrik Karlsson (Dec 11)
- [NSE] New script http-unsafe-output-encoding Martin Holst Swende (Dec 11)
- Re: [NSE] New script http-unsafe-output-encoding Patrik Karlsson (Dec 14)
- Re: [NSE] New script http-unsafe-output-encoding Martin Holst Swende (Dec 14)
- Re: [NSE] New script http-unsafe-output-encoding Patrik Karlsson (Dec 15)
- Re: [NSE] New script http-unsafe-output-encoding Patrik Karlsson (Dec 14)
- [NSE] New script http-unsafe-output-encoding Martin Holst Swende (Dec 11)