[Nikto-discuss] Questions on Nikto Scanning on Injection

Tse 山下的風 tseyatnam at hotmail.com
Mon Jul 27 03:24:36 UTC 2009


Hello everyone! I am a newbie to Nikto. Please offer me some help. : )

I used Nikto to perform an injection scan with the command "perl nikto.pl -h 127.0.0.1 -T 4".
Let's talk about my web application first.

I created a textbox where the user can input anything and submit it to the server, and filtering is NOT done on either the client or the server. When I input '<script>alert("Hi there!")</script>', an alert appears. That means XSS can be performed, right?
However, Nikto cannot find the XSS in my web application.

So, I would like to ask:

Is Nikto capable of scanning for XSS in a user-created web application?
If yes, is there anything wrong with my Nikto scanning options, so that
Nikto cannot find this (I also performed a default scan, but
nothing about XSS was shown)?
If not, what exactly is the meaning of "Injection (XSS/Script/HTML). Any manner of injection, including cross site scripting (XSS) or content (HTML)" in the manual?

Thank you.
 
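As an added example (not part of the original post or of Nikto), here is a minimal version of the textbox the poster describes: one handler echoes the submitted value into the page untouched, which is why the alert fires, and the other HTML-encodes it on output, which is the server-side fix. The field name `msg` and the paths `/vuln` and `/fixed` are assumed.

```python
import html
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlparse

# Constructed sample input: the same payload the post typed into the textbox.
SAMPLE_INPUT = '<script>alert("Hi there!")</script>'

FORM = '<form method="get"><input name="msg"><input type="submit"></form>'

def render_vulnerable(user_text: str) -> str:
    """'Before': echo the textbox value into the page untouched.
    The browser parses the <script> tag and executes it (reflected XSS)."""
    return f"<html><body>{FORM}<p>You typed: {user_text}</p></body></html>"

def render_fixed(user_text: str) -> str:
    """'After': HTML-encode on output. The browser renders the tag as text."""
    safe = html.escape(user_text, quote=True)
    return f"<html><body>{FORM}<p>You typed: {safe}</p></body></html>"

def contains_raw_script(page: str) -> bool:
    """Check a developer can keep in a unit test: no literal <script>
    from user input should survive into the response body."""
    return "<script" in page.lower()

class EchoHandler(BaseHTTPRequestHandler):
    """Tiny server: /vuln reflects unescaped, anything else encodes (assumed paths)."""
    def do_GET(self):
        url = urlparse(self.path)
        msg = parse_qs(url.query).get("msg", [""])[0]
        body = render_vulnerable(msg) if url.path == "/vuln" else render_fixed(msg)
        data = body.encode("utf-8")
        self.send_response(200)
        self.send_header("Content-Type", "text/html; charset=utf-8")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

if __name__ == "__main__":
    # Serve locally so both variants can be compared in a browser.
    HTTPServer(("127.0.0.1", 8080), EchoHandler).serve_forever()
```

Submitting the sample input to /vuln reproduces the alert; the same input on /fixed is displayed literally because the angle brackets and quotes are encoded.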

