[Full-disclosure] Client-side JavaScript XSS Scanner - runs straight from your browser
pdp (architect)
pdp.gnucitizen at googlemail.com
Mon Jul 16 20:23:23 BST 2007
http://www.gnucitizen.org/blog/javascript-xss-scanner
This POC shows how easy is to implement XSS scanner by using only
JavaScript and a few tricks from the Web2.0 world. Similar technique
can be easily implemented into AJAX/XSS worms which will allow them to
propagate across several domains and also find new vulnerabilities on
their own.
Don't be evil. Use the POC for educational and demonstration purposes only.
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
Full-Disclosure is hosted and sponsored by Secunia.