Plugins: XSS
The plugin family "XSS" scans the request for several kinds of XSS vulnerability. It inserts payload code to:
- check whether one or more parameters of the current page are vulnerable to XSS attacks in general
- run specialized attacks on attribute names, including vulnerabilities that are available in Internet Explorer (IE ignoring null bytes, for example)
- run specialized attacks inside script tags
- run specialized attacks inside Cascading Style Sheets (CSS)
For each attack type, Chorizo! executes several tests through its own specialized plugin. All of them are
grouped under the "XSS" plugin family.
Chorizo!'s Advisor gives you detailed information about
the problem (XSS) itself, a general solution, and very specialized PHP solution code that lets you fix the
XSS bugs it finds in an instant.
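Each of the four contexts the plugin family tests needs its own output handling. The following PHP sketch is an added example, not Chorizo!'s Advisor code: it shows one fix per context. All function names and the sample input are hypothetical, and PHP 8.0 or later is assumed.

```php
<?php
declare(strict_types=1);

// Added example: one output handler per context named in the list above.
// All function names are hypothetical; the sample input below is constructed.

/** Drop NUL bytes first, since the page notes IE ignores them inside markup. */
function strip_nul(string $s): string
{
    return str_replace("\0", '', $s);
}

/** HTML element content and quoted attribute values. */
function esc_html(string $s): string
{
    return htmlspecialchars(strip_nul($s), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Attribute names are never encoded, only picked from a fixed allow-list. */
function safe_attr_name(string $name, array $allowed = ['title', 'alt', 'class']): ?string
{
    $name = strtolower(strip_nul($name));
    return in_array($name, $allowed, true) ? $name : null;
}

/** Value placed inside a <script> block: JSON with <, >, &, ' and " hex-escaped. */
function esc_js(mixed $value): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR;
    return json_encode($value, $flags);
}

/** CSS: accept only a strict hex colour, otherwise fall back to a default. */
function safe_css_color(string $s, string $default = '#000000'): string
{
    return preg_match('/\A#[0-9a-fA-F]{3}(?:[0-9a-fA-F]{3})?\z/', $s) === 1 ? $s : $default;
}

// Constructed sample input containing markup characters and a NUL byte.
$input = "a\0<b>\"x\"</b>";

echo esc_html($input), PHP_EOL;                          // general HTML context
echo var_export(safe_attr_name("sty\0le"), true), PHP_EOL; // attribute-name context
echo esc_js($input), PHP_EOL;                            // script context
echo safe_css_color('not-a-colour'), PHP_EOL;            // CSS context
```

The attribute-name and CSS handlers validate against an allow-list instead of encoding, because no escaping scheme makes arbitrary input safe in those two positions.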