http-phpself-xss
Script type: portrule
Categories: fuzzer, intrusive, vuln
Download: http://nmap.org/svn/scripts/http-phpself-xss.nse
Crawls a web server and attempts to find PHP files vulnerable to reflected cross site scripting via the variable $_SERVER["PHP_SELF"].
This script crawls the webserver to create a list of PHP files and then sends an attack vector/probe to identify PHP_SELF cross site scripting vulnerabilities.
PHP_SELF XSS refers to reflected cross site scripting vulnerabilities caused by the lack of sanitization of the variable $_SERVER["PHP_SELF"] in PHP scripts. This variable is commonly used in PHP scripts that display forms and wherever the script's own file name is needed (for example as a form's action attribute).
Examples of cross site scripting vulnerabilities in the variable $_SERVER["PHP_SELF"]:
* http://www.securityfocus.com/bid/37351
* http://software-security.sans.org/blog/2011/05/02/spot-vuln-percentage
* http://websec.ca/advisories/view/xss-vulnerabilities-mantisbt-1.2.x
The attack vector/probe used is: /'"/><script>alert(1)</script>
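To make the check concrete, here is a small Python model of what the script does, written as an added example (it is not the NSE script's own code and not the page's). It builds the probe URL the same way the Nmap output shows it (the probe appended to the PHP path as PATH_INFO, URL-encoded), derives PHP_SELF from the request path as PHP would, and flags a file only when the probe comes back verbatim. The two page handlers and the site map are constructed stand-ins for PHP files: one echoes PHP_SELF raw (the vulnerable pattern), the other applies the equivalent of htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES), which is the fix.

```python
import html
from urllib.parse import quote, unquote, urlsplit

# Probe string used by http-phpself-xss (as quoted on the page). It is appended to
# the script path as PATH_INFO so that it ends up inside $_SERVER["PHP_SELF"].
PROBE = "/'\"/><script>alert(1)</script>"


def probe_url(base, php_path):
    """Build the request URL carrying the probe, URL-encoded as in the Nmap output."""
    return base + php_path + quote(PROBE, safe="/()")


def php_self_from_url(url):
    """PHP_SELF is the decoded request path: script name plus PATH_INFO."""
    return unquote(urlsplit(url).path)


# Constructed handlers standing in for PHP files on a test site (not real files).
def unsafe_form(php_self):
    # Vulnerable pattern: PHP_SELF placed into HTML without escaping.
    return f'<form action="{php_self}" method="post"><input type="submit"></form>'


def safe_form(php_self):
    # Hardened pattern: html.escape(..., quote=True) behaves like
    # htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES) in PHP.
    escaped = html.escape(php_self, quote=True)
    return f'<form action="{escaped}" method="post"><input type="submit"></form>'


def reflects_probe(body):
    """Detection check: only a verbatim, unescaped copy of the probe counts as a hit."""
    return PROBE in body


def scan(base, site):
    """site maps PHP paths (what the crawler would collect) to handlers.

    Returns the proof-of-concept URLs for files that reflect the probe unescaped.
    """
    hits = []
    for php_path, handler in site.items():
        url = probe_url(base, php_path)
        body = handler(php_self_from_url(url))
        if reflects_probe(body):
            hits.append(url)
    return hits


# Constructed sample site: one vulnerable file, one that escapes PHP_SELF.
SAMPLE_SITE = {
    "/sillyapp/three.php": unsafe_form,
    "/sillyapp/secret/1.php": safe_form,
}

if __name__ == "__main__":
    for poc in scan("http://sillyapp.example", SAMPLE_SITE):
        print("VULNERABLE:", poc)
```

Running the block prints one line for /sillyapp/three.php, in the same URL form the script reports, and nothing for the escaped file; swapping in your own rendering function for a handler is a quick way to confirm that a form template escapes PHP_SELF before the scanner is pointed at it.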
Script arguments:
http-phpself-xss.timeout  Spidering timeout. (default 10s)
http-phpself-xss.uri  URI. Default: /
Usage:
nmap --script=http-phpself-xss -p80 <target>
nmap -sV --script http-phpself-xss <target>
Example output:
PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack
| http-phpself-xss:
|   VULNERABLE:
|   Unsafe use of $_SERVER["PHP_SELF"] in PHP files
|     State: VULNERABLE (Exploitable)
|     Description:
|       PHP files are not handling safely the variable $_SERVER["PHP_SELF"] causing Reflected Cross Site Scripting vulnerabilities.
|
|     Extra information:
|
|   Vulnerable files with proof of concept:
|     http://calder0n.com/sillyapp/three.php/%27%22/%3E%3Cscript%3Ealert(1)%3C/script%3E
|     http://calder0n.com/sillyapp/secret/2.php/%27%22/%3E%3Cscript%3Ealert(1)%3C/script%3E
|     http://calder0n.com/sillyapp/1.php/%27%22/%3E%3Cscript%3Ealert(1)%3C/script%3E
|     http://calder0n.com/sillyapp/secret/1.php/%27%22/%3E%3Cscript%3Ealert(1)%3C/script%3E
|   Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=calder0n.com
|     References:
|       https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
|_      http://php.net/manual/en/reserved.variables.server.php
Author: Paulino Calderon
Compiled by VER007 (http://www.ver007.com)