21 Feb 2017 @ 4:22 PM

root@kali:~# nmap -p80 --script http-stored-xss --script-args=httpspider.maxpagecount=200 192.168.1.5

Starting Nmap 7.40 ( https://nmap.org ) at 2017-02-17 23:37 +03
Nmap scan report for 192.168.1.5
Host is up (0.00040s latency).
PORT STATE SERVICE
80/tcp open http
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
MAC Address: 00:0C:29:D2:3E:90 (VMware)

Nmap done: 1 IP address (1 host up) scanned in 7.74 seconds

**********************************************

root@kali:~# nmap -p80 --script http-dombased-xss --script-args=httpspider.maxpagecount=200 192.168.1.5

Starting Nmap 7.40 ( https://nmap.org ) at 2017-02-17 23:39 +03
Nmap scan report for 192.168.1.5
Host is up (0.00030s latency).
PORT STATE SERVICE
80/tcp open http
| http-dombased-xss:
| Spidering limited to: maxdepth=3; maxpagecount=200; withinhost=192.168.1.5
| Found the following indications of potential DOM based XSS:
|
| Source: document.write(location.hash.substring(1)
|_ Pages: http://192.168.1.5/xss/example9.php#hacker
MAC Address: 00:0C:29:D2:3E:90 (VMware)

Nmap done: 1 IP address (1 host up) scanned in 3.91 seconds

****************************************************************

root@kali:~# nmap -p80 --script http-phpself-xss --script-args=httpspider.maxpagecount=200 192.168.1.5

Starting Nmap 7.40 ( https://nmap.org ) at 2017-02-17 23:40 +03
Nmap scan report for 192.168.1.5
Host is up (0.00029s latency).
PORT STATE SERVICE
80/tcp open http
| http-phpself-xss:
| VULNERABLE:
| Unsafe use of $_SERVER["PHP_SELF"] in PHP files
| State: VULNERABLE (Exploitable)
| PHP files are not handling safely the variable $_SERVER["PHP_SELF"] causing Reflected Cross Site Scripting vulnerabilities.
|
| Extra information:
|
| Vulnerable files with proof of concept:
| http://192.168.1.5/xss/example8.php/%27%22/%3E%3Cscript%3Ealert(1)%3C/script%3E
| Spidering limited to: maxdepth=3; maxpagecount=200; withinhost=192.168.1.5
| References:
| https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
|_ http://php.net/manual/en/reserved.variables.server.php
MAC Address: 00:0C:29:D2:3E:90 (VMware)

Nmap done: 1 IP address (1 host up) scanned in 3.76 seconds

Posted By: Hakan NİŞANCI
Last Edit: 07 Mar 2019 @ 04:01 PM
