Detecting Cross Site Scripting vulnerabilities in web applications
Cross Site Scripting vulnerabilities allow attackers to spoof content, steal user cookies, and even execute malicious code on the user's browsers. There are even advanced exploitation frameworks such as Beef
that allow attackers to perform complex attacks through JavaScript hooks. Web pentesters can use Nmap to discover these vulnerabilities in web servers in an automated manner.
This recipe shows how to find Cross Site Scripting vulnerabilities in web applications with Nmap NSE.
How to do it...
To scan a web server looking for files vulnerable to Cross Site Scripting (XSS), we use the following command:
$ nmap -p80 --script http-unsafe-output-escaping <target>
All of the files suspected ...
Get Nmap 6: Network Exploration and Security Auditing Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.