Sha256: 6a3d6f7b1bbf526eb3cdef0a1241970cb08da01a8e8d41b0bee17980fb634cd8

Contents?: true

Size: 948 Bytes

Versions: 5

Compression:

Stored size: 948 Bytes

Contents

# frozen_string_literal: true

##
# This file is part of WhatWeb and may be subject to
# redistribution and commercial restrictions. Please see the WhatWeb
# web site for more information on licensing and terms of use.
# http://www.morningstarsecurity.com/research/whatweb
##
# Version 0.2 #
# Fixed regex
##
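WhatWeb::Plugin.define "Vulnerable-To-XSS" do
  @author = "Brendan Coles <bcoles@gmail.com>" # 2010-06-06
  @version = "0.2"
  @description = "This plugin can be used as a very basic xss scanner. It searches for instances of <script>alert(*)</script> in the HTML source."

  # Passive check: looks for literal <script>alert(...)</script> elements in
  # the response body that was already fetched. Nothing is sent to the target.
  #
  # A hit only shows that such a script element is present in the page. It
  # does not show that the application reflected or stored untrusted input, so
  # treat it as a lead to triage by hand (a page may legitimately contain the
  # string, or it may be a leftover test payload). The finding is reported
  # with certainty 25.
  #
  # @param target [#body] object exposing the response body as a String
  # @return [Array<Hash>] empty when nothing matched, otherwise a single
  #   hash with :version (the concatenated matches) and :certainty (25)
  def passive(target)
    # to_s keeps the nil-body case returning [] instead of raising.
    body = target.body.to_s

    # The argument of alert() is limited to letters, digits, slashes and
    # quotes, so only the simplest probe strings are recognised.
    hits = body.scan(/<script>([\s]*)(alert\([a-zA-Z0-9\/\'\"]+\))[\s]*[\;]?[\s]*<\/script>/i)
    return [] if hits.empty?

    # Build the report with map/join rather than appending to a "" literal:
    # this file sets frozen_string_literal, so << on the literal would raise
    # FrozenError on the first match.
    # NOTE(review): each scan hit is an Array of the two capture groups, so
    # the interpolation renders it in Array#inspect form. Confirm whether the
    # report should show only the alert(...) call.
    result = hits.map { |match| "#{match} " }.join

    [{ version: result, certainty: 25 }]
  end
end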

Version data entries

5 entries across 5 versions & 1 rubygems

Version Path
simple_whatweb-0.4.1 lib/whatweb/plugins/vulnerable-to-xss.rb
simple_whatweb-0.4.0 lib/whatweb/plugins/vulnerable-to-xss.rb
simple_whatweb-0.3.0 lib/whatweb/plugins/vulnerable-to-xss.rb
simple_whatweb-0.2.1 lib/whatweb/plugins/vulnerable-to-xss.rb
simple_whatweb-0.2.0 lib/whatweb/plugins/vulnerable-to-xss.rb