PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-09 22:21:29 +00:00
Code Issues Projects Releases Wiki Activity

Update the script descriptions/nsedoc a bit

Browse Source
This commit is contained in:
fyodor
2012-01-01 22:21:08 +00:00
parent 2461746840
commit 78033599ed
25 changed files with 49 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
scripts/http-unsafe-output-escaping.nse
View File

@@ -1,9 +1,11 @@
description = [[
Spiders a website and attempts to identify and issues with output escaping where content is reflected back to the user.
This script locates all parameters, ?x=foo&y=bar and checks if the values are reflected on the page. If they
are indeed reflected, the script will try to insert ghz>hzx"zxc'xcv and check which (if any) characters were
reflected back onto the page without proper html escaping.
This is an indication of potential XSS issues.
Spiders a website and attempts to identify output escaping problems
where content is reflected back to the user. This script locates all
parameters, ?x=foo&y=bar and checks if the values are reflected on the
page. If they are indeed reflected, the script will try to insert
ghz>hzx"zxc'xcv and check which (if any) characters were reflected
back onto the page without proper html escaping. This is an
indication of potential XSS vulnerability.
]]
---