Detecting XSS vulnerabilities
XSS vulnerabilities allow attackers to spoof content, steal user cookies, and even execute malicious code in the user's browser. Advanced exploitation frameworks such as BeEF even allow attackers to perform complex attacks through JavaScript hooks. Web penetration testers can use Nmap to discover these vulnerabilities in web servers in an automated manner.
This recipe shows how to find XSS vulnerabilities in web applications with Nmap NSE.
How to do it...
- To scan a web server looking for files vulnerable to XSS, we use the following command:
$ nmap -p80 --script http-unsafe-output-escaping <target>
- All the files suspected to be vulnerable will be listed in the results:
PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack
| http-unsafe-output-escaping:
|_  Characters [> " '] reflected in parameter id at http://target/1.php?id=1
The script output will also include the vulnerable parameter and which characters...
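To show what a finding like the one above means on the server side and how to confirm a fix, the following added example (not part of the original recipe or of Nmap) echoes a parameter with and without HTML escaping and checks which of the reported characters come back unencoded. The template, the function names and the marker strings are assumptions made for illustration; the page is a constructed stand-in for 1.php.

```python
import html
import re

# Characters the sample script output above reports as reflected.
PROBE_CHARS = ['>', '"', "'"]

# Constructed stand-in for a page like 1.php that echoes its id parameter.
TEMPLATE = '<html><body><input name="id" value="{id}"><p>Item {id}</p></body></html>'


def render_unsafe(param_id: str) -> str:
    """Echoes the parameter verbatim: the behaviour the script flags."""
    return TEMPLATE.format(id=param_id)


def render_escaped(param_id: str) -> str:
    """Echoes the parameter after HTML-escaping, including both quote types."""
    return TEMPLATE.format(id=html.escape(param_id, quote=True))


def reflected_unescaped(render, chars=PROBE_CHARS):
    """Return the probe characters that come back unencoded in the response."""
    found = []
    for i, ch in enumerate(chars):
        # Unique alphanumeric markers make the reflection unambiguous, since
        # the template itself already contains > and " characters.
        left, right = f"zq{i}a", f"zq{i}b"
        body = render(f"{left}{ch}{right}")
        if f"{left}{ch}{right}" in body:
            found.append(ch)
    return found


FINDING_RE = re.compile(
    r"Characters \[(?P<chars>[^\]]*)\] reflected in parameter (?P<param>\S+) at (?P<url>\S+)"
)


def parse_finding(line: str):
    """Extract characters, parameter and URL from one line of script output."""
    m = FINDING_RE.search(line)
    if not m:
        return None
    return {"chars": m["chars"].split(), "param": m["param"], "url": m["url"]}
```

Running `reflected_unescaped` against the real handler in a unit test gives a regression check that the parameter named in a parsed finding stays escaped after the fix.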