Crawling web servers to detect vulnerabilities
When assessing the security of web applications, there are certain checks that need to be done to every file in a web server. For example, looking for forgotten backup files may reveal the application source code or database passwords. The Nmap Scripting Engine supports web crawling, to help us with tasks that require a list of existing files on a web server.
This recipe will show you how to write an NSE script that will crawl a web server looking for files with a .php
extension and perform an injection test via the variable $_SERVER["PHP_SELF"]
to find reflected cross-site scripting vulnerabilities.
How to do it...
A common task that some major security scanners miss is to locate reflected cross-site scripting vulnerabilities in PHP files via the variable $_SERVER["PHP_SELF"]
. The web crawler library httpspider
comes in handy when automating this task. Let's see how we can write a script:
- Create the script file
http-phpself-xss.nse
and fill in...