XSS scanner
XSS (or Cross Site Scripting) is a very common web programmer's mistake.
Some days ago I wrote xss.rb, a tool that tests a website for XSS errors (MIT License). It is recursive: all links and variables of the website will be checked, and the only thing you need to pass as an argument is the hostname and an optional path.
It detects common non-persistent XSS only; please feel free to improve it.
As a demonstration, let's try my tool against a famous Mexican hacker team:
EE index.php?gallery=<webshark>
EE index.php?contenido=<webshark>&gallery=<webshark>
EE index.php?contenido=<webshark>&action=<webshark>&gallery=<webshark>&image=<webshark>
EE index.php?startat=<webshark>&contenido=<webshark>&action=<webshark>&gallery=<webshark>&image=<webshark>
EE index.php?control=<webshark>&contenido=<webshark>&action=<webshark>&gallery=<webshark>&image=<webshark>
It ends up showing some URLs; the “<webshark>” marker is the place where code can be injected. Now we know that their gallery script is vulnerable to XSS, as we can see here.
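The per-variable check behind output like the lines above can be reproduced offline against your own request handlers. This is an added example, not code from xss.rb: the `VULNERABLE` and `ESCAPED` handlers, the `param` helper and the sample URL are constructed stand-ins for an HTTP GET against a test instance, and only the `<webshark>` marker comes from the post.

```ruby
require 'uri'
require 'cgi'

MARKER = '<webshark>' # the probe string seen in the output above

# Build one probe URL per query variable, replacing its value with the marker.
def probe_urls(url)
  uri = URI.parse(url)
  params = URI.decode_www_form(uri.query || '')
  params.each_index.map do |i|
    probed = params.each_with_index.map { |(k, v), j| [k, j == i ? MARKER : v] }
    [params[i][0], "#{uri.path}?#{URI.encode_www_form(probed)}"]
  end
end

# A variable is flagged only if the marker comes back unescaped in the body;
# an HTML-escaped echo (&lt;webshark&gt;) does not match.
def reflected_raw?(body)
  body.include?(MARKER)
end

# Run every probe through `handler` (hypothetical stand-in for fetching the
# page from your own test instance) and return the flagged variable names.
def scan(url, handler)
  probe_urls(url).select { |_, probe| reflected_raw?(handler.call(probe)) }
                 .map(&:first)
end

# Constructed handlers: one echoes `gallery` verbatim, one HTML-escapes it.
def param(probe, name)
  URI.decode_www_form(URI.parse(probe).query).to_h[name].to_s
end

VULNERABLE = ->(probe) { "<h1>Gallery: #{param(probe, 'gallery')}</h1>" }
ESCAPED    = ->(probe) { "<h1>Gallery: #{CGI.escapeHTML(param(probe, 'gallery'))}</h1>" }

if __FILE__ == $PROGRAM_NAME
  url = '/index.php?contenido=fotos&gallery=1' # constructed sample URL
  puts "vulnerable: #{scan(url, VULNERABLE).inspect}"
  puts "escaped:    #{scan(url, ESCAPED).inspect}"
end
```

Escaping the value on output with `CGI.escapeHTML` is what turns the flagged `gallery` variable into a clean result.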
About the author
xiam
José Carlos Nieto is a nerd who pretends to be a Math student (UNAM); he works with his friends creating amazing stuff at Astrata Software.







ruby
… we've lost you ='(
You don't make “demo videos”?
Hi xiam.
Regarding the icenetx website, all the XSS that your site found are from Singapore (image gallery).
On the other hand, the link you posted as an example. It doesn't work