http-unsafe-output-escaping
Script type:
portrule
Script categories:
discovery, intrusive
Script download URL: http://nmap.org/svn/scripts/http-unsafe-output-escaping.nse
Spiders a website and attempts to identify output escaping problems where content is reflected back to the user. This script locates all parameters (for example ?x=foo&y=bar) and checks whether their values are reflected on the page. If they are, the script inserts the string ghz>hzx"zxc'xcv and checks which characters, if any, are reflected back onto the page without proper HTML escaping. Such a reflection indicates a potential XSS vulnerability.
only spider URLs within the same host. (default: true)
the URL to start spidering. This is a URL relative to the scanned host, e.g. /default.html (default: /)
the maximum amount of directories beneath the initial url to spider. A negative value disables the limit. (default: 3)
only spider URLs within the same domain. This widens the scope from withinhost and can not be used in combination. (default: false)
the maximum amount of pages to visit. A negative value disables the limit (default: 20)
Execution format
nmap --script=http-unsafe-output-escaping <target>
PORT STATE SERVICE REASON
| http-unsafe-output-escaping:
|   Characters [> " '] reflected in parameter kalle at http://foobar.gazonk.se/xss.php?foo=bar&kalle=john
|_  Characters [> " '] reflected in parameter foo at http://foobar.gazonk.se/xss.php?foo=bar&kalle=john
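The reflection check described above, as an added Python example (not the NSE script's own code), run against three constructed page templates to show which output encoding leaves which characters raw. The probe string and sample URL come from this page; the function names and the render_* templates are assumptions made for the illustration.

```python
import html
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

PROBE = "ghz>hzx\"zxc'xcv"  # probe string quoted in the script description
# Each tested character sits between two unique letter runs; finding the whole
# triple in a response means that character came back without HTML escaping.
MARKERS = {">": "ghz>hzx", '"': 'hzx"zxc', "'": "zxc'xcv"}


def probe_urls(url):
    """Yield (parameter, url) pairs with one parameter at a time set to PROBE."""
    parts = urlsplit(url)
    params = parse_qsl(parts.query, keep_blank_values=True)
    for i, (name, _) in enumerate(params):
        changed = params[:i] + [(name, PROBE)] + params[i + 1:]
        yield name, urlunsplit(parts._replace(query=urlencode(changed)))


def unescaped_chars(body):
    """Return the probe characters that appear raw in an HTML response body."""
    return [ch for ch, marker in MARKERS.items() if marker in body]


# Constructed templates standing in for a server-side page (hypothetical).
def render_raw(value):
    return f"<p>Hello {value}</p>"  # no escaping at all


def render_partial(value):
    # Escapes & < > only; quotes stay raw, which is unsafe inside attributes.
    return f"<p>Hello {html.escape(value, quote=False)}</p>"


def render_escaped(value):
    # Escapes & < > " ' so none of the probe characters survive.
    return f"<p>Hello {html.escape(value, quote=True)}</p>"


if __name__ == "__main__":
    sample = "http://foobar.gazonk.se/xss.php?foo=bar&kalle=john"
    for name, url in probe_urls(sample):
        print(name, url)
    for render in (render_raw, render_partial, render_escaped):
        print(render.__name__, unescaped_chars(render(PROBE)))
```

A template that reports an empty list for every parameter is escaping all three characters the script tests; a partial result such as `"` and `'` points at an encoder that handles tags but not attribute contexts.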
Author: Martin Holst Swende
License: compiled by VER007 http://www.ver007.com