HTML::Form::XSS - Test HTML forms for cross site scripting vulnerabilities.
    use HTML::Form::XSS;
    use WWW::Mechanize;

    my $mech = WWW::Mechanize->new();
    my $checker = HTML::Form::XSS->new($mech, config => '../root/config.xml');
    $mech->get("http://www.site.com/pagewithform.html");
    my @forms = $mech->forms();
    foreach my $form (@forms){
        my @results = $checker->do_audit($form);
        foreach my $result (@results){
            if($result->vulnerable()){
                my $example = $result->example();
                print "Example of vulnerable URL: $example\n";
                last;
            }
        }
    }
Provides a simple way to test HTML forms for cross site scripting (XSS) vulnerabilities.
The checks to perform are given in an XML config file, and the result of each check is returned.
    my $mech = WWW::Mechanize->new();
    my $checker = HTML::Form::XSS->new($mech, config => '../root/config.xml');
Creates a new HTML::Form::XSS object using two required parameters: first, a WWW::Mechanize or compatible object; second, the path to the XML config file.
Please see the example config.xml included in this distribution for details.
    my @results = $checker->do_audit($form);
Using the provided HTML::Form object, the form is tested for all the XSS attacks in the XML config file.
An array of HTML::Form::XSS::Result objects is returned, one for each check.
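The audit can also run as a regression test against a staging site you operate, so that a build fails when any check comes back vulnerable. This is an added example, not code from the distribution; it uses only the calls shown above, and the environment variable names and page paths are assumptions.

```perl
#!/usr/bin/env perl
# Added example: audit every form on a list of pages of a site you operate and
# report the outcome as TAP, so a CI job fails when a check comes back vulnerable.
use strict;
use warnings;
use Test::More;
use WWW::Mechanize;
use HTML::Form::XSS;

# Assumptions (not from the module's documentation): the environment variable
# names and the page paths below are placeholders for your own staging site.
my $base = $ENV{XSS_AUDIT_BASE}
    or plan skip_all => 'set XSS_AUDIT_BASE to the staging site you own';
my $config = $ENV{XSS_AUDIT_CONFIG} || '../root/config.xml';
my @paths  = qw(/pagewithform.html /search.html);

# autocheck => 0 so a failed fetch is reported as a test failure, not a die
my $mech    = WWW::Mechanize->new(autocheck => 0);
my $checker = HTML::Form::XSS->new($mech, config => $config);

for my $path (@paths) {
    my $url = $base . $path;
    $mech->get($url);
    unless ($mech->success) {
        fail("fetch $url");
        next;
    }
    # Take the form list before auditing: the checker was given the same
    # $mech object and is assumed to issue its own requests through it.
    my @forms = $mech->forms;
    my $n = 0;
    for my $form (@forms) {
        $n++;
        my @results = $checker->do_audit($form);
        my @hits    = grep { $_->vulnerable } @results;
        ok(!@hits, "$url form #$n: " . scalar(@results) . ' checks run');
        diag('Example of vulnerable URL: ' . $hits[0]->example) if @hits;
    }
}
done_testing;
```

Run it with `prove` from a directory where the relative config path resolves, or set XSS_AUDIT_CONFIG to an absolute path.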
WWW::Mechanize, HTML::Form, HTML::XSSLint
MacGyveR <dumb@cpan.org>
Development questions, bug reports, and patches are welcome to the above address.
Copyright (c) 2009 MacGyveR. All rights reserved.
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.