Detecting Cross Site Scripting vulnerabilities in web applications
Cross Site Scripting vulnerabilities allow attackers to spoof content, steal user cookies, and even execute malicious code on the user's browsers. There are even advanced exploitation frameworks such as
This recipe shows how to find Cross Site Scripting vulnerabilities in web applications with Nmap NSE.
How to do it...
To scan a web server looking for files vulnerable to Cross Site Scripting (XSS), we use the following command:
$ nmap -p80 --script http-unsafe-output-escaping <target>
All of the files suspected ...