screamingCSS.pl Vulnerablitity Detector
Summary
This is a very quick, very simple detector to find the most basic of
Cross Site Scripting Vulnerablities in WebSites. It's based on
screamingCobra.
It will try to go out and spider a site and see if the user inputs
come out on the page unfiltered. It has already been used by me to
find problems with sites.
Requirements
Perl 5.
wget
Download
This program is no longer supported. Use at your own risk !
screamingCSS1.02.tar.gz V1.02 7 KB
Background
CERT alerted to Cross Site Scripting over a year ago and gave
many specific recommendations on how to prevent such attacks.
http://www.cert.org/advisories/CA-2000-02.html
Public warning from me regarding some high traffic sites
http://www.devitry.com/security.html
Make a donation and help keep this site going!
|