
XSS-Protection Header - Cross-Site Scripting

By kannthu

Informative
Vidoc Module
#xss#misconfig#generic
Description

What is the "XSS-Protection Header - Cross-Site Scripting" module?

The "XSS-Protection Header - Cross-Site Scripting" module is designed to detect the presence of a misconfiguration in the XSS-Protection header. This header is used to protect websites from cross-site scripting (XSS) attacks. The module targets websites that have either disabled the XSS-Protection header or have set it to a value other than 0, which can introduce an XSS vulnerability.

This module has an informative severity level, meaning it provides valuable information about potential vulnerabilities but does not directly impact the security of the website.

This module was authored by joshlarsen.

Impact

A misconfigured XSS-Protection header can leave a website vulnerable to cross-site scripting attacks. Cross-site scripting attacks allow malicious actors to inject and execute malicious code on a website, potentially compromising user data and system security.

How does the module work?

The "XSS-Protection Header - Cross-Site Scripting" module works by analyzing the HTTP response headers of a website. It checks for the presence of the XSS-Protection header and evaluates its value. The module uses two matching conditions:

- Condition 1: It checks if the XSS-Protection header is present and set to a value of 0. If the header is found with this value, it indicates a misconfiguration.
- Condition 2: It checks if the XSS-Protection header is present and set to a value other than 0. If the header is found with a value greater than 0, it indicates that the website has enabled XSS protection.

If either of these conditions is met, the module will report a potential vulnerability.

Example HTTP request:

GET / HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

Matching conditions:

- Condition 1:
  - Part: Header
  - Type: Regex
  - Regex: (?i)x-xss-protection: 0
  - Negative: True
  - Condition: And

- Condition 2:
  - Part: Header
  - Type: Regex
  - Regex: (?i)x-xss-protection: 1+
  - Negative: False
  - Condition: And

For more information, refer to the Mozilla Developer Network.
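To make the matcher logic concrete, here is an added example (not Vidoc's own code) that applies the two regexes above to a raw HTTP response header block exactly as the module's conditions are listed: Condition 1 is negated, Condition 2 is not, and the two are combined with And. The sample responses are constructed for illustration.

```python
import re

# The two matchers from the module definition above, applied to the raw
# response header block. Both regexes are case-insensitive.
COND1_RE = re.compile(r"(?i)x-xss-protection: 0")   # Negative: True
COND2_RE = re.compile(r"(?i)x-xss-protection: 1+")  # Negative: False


def evaluate_conditions(raw_headers: str) -> dict:
    """Return the outcome of each matching condition for a header block.

    Condition 1 is a negated matcher: it passes when the regex does NOT
    match. Condition 2 passes when its regex DOES match.
    """
    return {
        "condition1": COND1_RE.search(raw_headers) is None,
        "condition2": COND2_RE.search(raw_headers) is not None,
    }


def module_reports(raw_headers: str) -> bool:
    """True when the module's 'Report vulnerability' action would fire.

    The conditions are joined with And, so the module only reports when
    the header block lacks 'X-XSS-Protection: 0' and contains
    'X-XSS-Protection: 1' (any case).
    """
    result = evaluate_conditions(raw_headers)
    return result["condition1"] and result["condition2"]


# Constructed sample responses (not captured from any real host).
SAMPLE_RESPONSES = {
    "enabled_block": "HTTP/1.1 200 OK\r\nX-XSS-Protection: 1; mode=block\r\n\r\n",
    "enabled_plain": "HTTP/1.1 200 OK\r\nx-xss-protection: 1\r\n\r\n",
    "disabled":      "HTTP/1.1 200 OK\r\nX-XSS-Protection: 0\r\n\r\n",
    "absent":        "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n",
}


if __name__ == "__main__":
    for name, raw in SAMPLE_RESPONSES.items():
        print(f"{name:14s} -> {evaluate_conditions(raw)} reports={module_reports(raw)}")
```

Note that both regexes require exactly one space after the colon, so a response that sends `X-XSS-Protection:1` with no space would match neither condition and would not be reported.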

Module preview

Concurrent Requests (0)
Passive global matcher
NOT regex: (?i)x-xss-protection: 0 and
regex: (?i)x-xss-protection: 1+
On match action
Report vulnerability