Sha256: d6673244de37ff638963c5963e3c7e6ecfb667f70d2fc56331b9001bc1c22a70
Contents?: true
Size: 959 Bytes
Versions: 1
Compression:
Stored size: 959 Bytes
Contents
```ruby
# frozen_string_literal: true

##
# This file is part of WhatWeb and may be subject to
# redistribution and commercial restrictions. Please see the WhatWeb
# web site for more information on licensing and terms of use.
# http://www.morningstarsecurity.com/research/whatweb
##
# Version 0.2
#
# Fixed regex
##
WhatWeb::Plugin.define "Vulnerable-To-XSS" do
  @author = "Brendan Coles <bcoles@gmail.com>" # 2010-06-06
  @version = "0.2"
  @description = "This plugin can be used as a very basic xss scanner. It searches for instances of <script>alert(*)</script> in the HTML source."

  # Passive check: inspects only the response body that was already fetched.
  def passive(target)
    m = []
    # Unfrozen buffer: with frozen_string_literal enabled, a bare "" literal
    # is frozen and appending to it with << raises FrozenError.
    result = +""

    if /<script>([\s]*)(alert\([a-zA-Z0-9\/\'\"]+\))([\s]*[\;]?[\s]*)<\/script>/i.match?(target.body)
      # Each match is the array of capture groups for one reflected alert() call.
      target.body.scan(/<script>([\s]*)(alert\([a-zA-Z0-9\/\'\"]+\))[\s]*[\;]?[\s]*<\/script>/i) { |match| result << "#{match} " }
      # Low certainty: a literal alert() in the page is only a hint of XSS.
      m << { version: result, certainty: 25 }
    end

    m
  end
end
```
Version data entries
1 entries across 1 versions & 1 rubygems
Version | Path |
---|---|
simple_whatweb-0.1.0 | lib/whatweb/plugins/vulnerable-to-xss.rb |