Re: [NSE] New script http-unsafe-output-encoding

[Patrik Karlsson <patrik () cqure net>]

On Sun, Dec 11, 2011 at 9:56 PM, Martin Holst Swende <martin () swende se>wrote:

> On 12/11/2011 08:52 PM, Patrik Karlsson wrote:
> > Hi list,
> >
> > I just committed a new script called http-grep. It does pretty much what
> > the name suggests and enables you to search for patterns within spidered
> > web pages.
> > I've included a few example usages and their responses, but the script
> can
> > obviously be used for a lot more:
> You're on fire!
>
> I also threw together a script, based on an old tool I wrote a long time
> ago and which serves me very well (https://bitbucket.org/holiman/jinx)
>
> I basically ported it to nmap using the new spider. What it does is:
> - Checks if a spidered page contained parameters
> (x=foobar&y=gazonk&z=funzip)
> - If so, checks if any of these were reflected on the page ( e.g,
> "foobar" and "funzip" was found)
> - If N reflections were found, creates N new urls:
>    -- x=foobar<payload>&y=gazonk&z=funzip
>    -- x=foobar&y=gazonk&z=funzip<payload>
>    -- The payload is this : ghz>hzx"zxc'xcv
> - For each of these N new links, it fetches the content. In the content,
> it checks if any  of the "dangerous" characters were reflected without
> proper html-encoding.
>
> If any such things are found, chances are high this page is vulnerable
> to reflected XSS.
>
> Regards,
> Martin

Thanks for the contribution Martin! I've renamed the script to
http-unsafe-output-escaping and made some minor cleanup.
It's committed as r27488.

Cheers,
Patrik
-- 
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/