
File http-dombased-xss

Script types: portrule
Categories: intrusive, exploit, vuln
Download: http://nmap.org/svn/scripts/http-dombased-xss.nse

User Summary

The script looks for places where attacker-controlled information in the DOM may be used to affect JavaScript execution in certain ways. The attack is explained here: http://www.webappsec.org/projects/articles/071105.shtml

Script Arguments

http-dombased-xss.singlepages

The pages to test. For example, {/index.php, /profile.php}. Default: nil (crawler mode on)

httpspider.doscraping, httpspider.maxdepth, httpspider.maxpagecount, httpspider.noblacklist, httpspider.url, httpspider.useheadfornonwebfiles, httpspider.withindomain, httpspider.withinhost

See the documentation for the httpspider library.

http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent

See the documentation for the http library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

Example Usage

nmap -p80 --script http-dombased-xss.nse <target>

DOM-based XSS occurs in client-side JavaScript, and this script tries to detect
it by matching a set of patterns. Note that the script may generate false
positives: do not treat anything in the output as a vulnerability until you
have reviewed it.

Most of the patterns used to determine the vulnerable code have been taken
from this page: https://code.google.com/p/domxsswiki/wiki/LocationSources

Script Output

PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack
| http-dombased-xss:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=some-very-random-page.com
|   Found the following indications of potential DOM based XSS:
|
|     Source: document.write("<OPTION value=1>"+document.location.href.substring(document.location.href.indexOf("default=")
|     Pages: http://some-very-random-page.com:80/, http://some-very-random-page.com/foo.html
|
|     Source: document.write(document.URL.substring(pos,document.URL.length)
|_    Pages: http://some-very-random-page.com/foo.html
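
The source-to-sink pattern matching described above, and why its hits need review, shown as an added example that is not the NSE script's own code. The SOURCE, SINK and ENCODER patterns, the function name findDomXssCandidates and the SAMPLE script are assumptions made for illustration; the example also goes slightly beyond the output above by following a value through one variable assignment.

```javascript
// Added illustration. These patterns are assumptions, not the NSE script's own list.
const SOURCE = /\b(?:document\.(?:URL|documentURI|referrer|location)|(?:window\.)?location\.(?:href|hash|search))\b/;
const SINK = /(?:\bdocument\.write(?:ln)?\s*\(|\beval\s*\(|\.(?:innerHTML|outerHTML)\s*=(?!=))(.*)$/;
const ASSIGN = /\b(?:var|let|const)\s+([A-Za-z_]\w*)\s*=(?!=)(.*)$/;
const ENCODER = /\b(?:encodeURIComponent|encodeURI)\s*\(/;

// Report every line where a sink receives a DOM source, either directly or
// through a variable that an earlier line assigned from a source.
function findDomXssCandidates(js) {
  const tainted = new Set();
  const findings = [];
  // True when expr mentions a source or a variable derived from one.
  const carriesSource = (expr) =>
    SOURCE.test(expr) ||
    [...tainted].some((v) => new RegExp("(?<![\\w$.])" + v + "(?![\\w$])").test(expr));

  js.split(/\r?\n/).forEach((code, i) => {
    const sink = SINK.exec(code);
    if (sink && carriesSource(sink[1])) {
      // "encoded" marks hits where an encoder wraps the value: pattern matching
      // still flags them, and only manual review can clear them.
      findings.push({ line: i + 1, encoded: ENCODER.test(sink[1]), code: code.trim() });
    }
    const assign = ASSIGN.exec(code);
    if (assign && carriesSource(assign[2])) tainted.add(assign[1]);
  });
  return findings;
}

// Constructed sample script; line 2 is modelled on the second finding in the output above.
const SAMPLE = [
  'var pos = document.URL.indexOf("name=") + 5;',
  'document.write(document.URL.substring(pos, document.URL.length));',
  'var frag = location.hash.slice(1);',
  'document.getElementById("msg").innerHTML = "Hello " + frag;',
  'document.write(encodeURIComponent(document.referrer));',
  'document.getElementById("msg").textContent = frag;',
  'document.write("<p>static</p>");',
].join("\n");

for (const f of findDomXssCandidates(SAMPLE)) {
  console.log(`line ${f.line}${f.encoded ? " (encoded, review: may be a false positive)" : ""}: ${f.code}`);
}
```

Lines 2 and 4 of the sample are reported as plain candidates, line 5 is reported with the encoded marker, and the textContent assignment and the static write are not reported.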

Requires


Author: George Chatzisofroniou

License: Same as Nmap--See http://nmap.org/book/man-legal.html
