[Nikto-discuss] Questions on Nikto Scanning on Injection
tseyatnam at hotmail.com
Mon Jul 27 03:24:36 UTC 2009
Hello everyone! I am a newbie to Nikto. Please offer me some help. : )
I used Nikto to perform a scan for injection with the command "perl nikto.pl -h 127.0.0.1 -T 4".
Let's talk about my web application first.
I created a textbox where the user can input anything to submit to the server, and filtering will NOT be done on either the client or the server. When I input ' <script>alert("Hi there!")</script> ', an alert appears. That means XSS can be performed, right?
However, Nikto cannot find out the XSS in my web application.
So, I would like to ask:
Is Nikto capable of scanning XSS on user created web application?
If yes, is there anything wrong with my Nikto scanning options, so that Nikto cannot find this (I also performed a default scan, but nothing about XSS was shown)?
If not, what exactly is the meaning of "Injection (XSS/Script/HTML). Any manner of injection, including cross site scripting (XSS) or content (HTML)" from the manual?
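
The behaviour described in the message above, as an added example that is not part of the original post: a page that writes submitted text back unfiltered, the same page with HTML encoding applied, and a check that tells the two apart using the input quoted in the post. The page template, field name and function names are assumptions made for illustration.

```python
import html

# Constructed stand-in for the application in the post: a form whose
# submitted text is written back into the HTML response (layout assumed).
PAGE = (
    "<html><body><form method='post'><input name='msg'></form>"
    "<p>You wrote: {}</p></body></html>"
)

PROBE = '<script>alert("Hi there!")</script>'  # the input quoted in the post


def render_unfiltered(msg: str) -> str:
    """Behaviour described in the post: no filtering on client or server."""
    return PAGE.format(msg)


def render_escaped(msg: str) -> str:
    """Hardened form: HTML-encode user text before placing it in the page."""
    return PAGE.format(html.escape(msg, quote=True))


def reflects_raw_markup(body: str, probe: str) -> bool:
    """True if the probe came back unchanged, so a browser parses it as markup."""
    return probe in body


def audit(render) -> dict:
    """Submit the probe to a renderer and report how it was reflected."""
    body = render(PROBE)
    return {
        "raw_reflection": reflects_raw_markup(body, PROBE),
        "encoded_reflection": html.escape(PROBE, quote=True) in body,
    }


if __name__ == "__main__":
    for name, fn in (("unfiltered", render_unfiltered),
                     ("escaped", render_escaped)):
        print(name, audit(fn))
```
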