Scrubbr: Stored XSS flaw finder

Author: Ryan Naraine

February 25, 2009 1:46 pm

The HP Security Labs blog is pointing to a new database scanning tool called “Scrubbr” that can help check numerous database technologies for the presence of possible stored cross-site scripting attacks.

The HP Security Labs blog is pointing to a new database scanning tool called “Scrubbr” that can help check numerous database technologies for the presence of possible stored cross-site scripting attacks.

Scrubbr (download here) is described a Java program which connects to your database (MySQL 5+, MS SQL 2005+, and Oracle) directly and analyzes databases or specific tables looking for XSS strings. The strings are defined via an XML — it comes with files from the OWASP AntiSamy project, but can be customized as needed.

Suggested articles

thunderspy attack

Millions of Thunderbolt-Equipped Devices Open to ‘ThunderSpy’ Attack

If an attacker can get his hands on a Thunderbolt-equipped device for five minutes, he can launch a new data-stealing attack called “Thunderspy.”

Lenovo, HP, Dell Peripherals Face Unpatched Firmware Bugs

A lack of proper code-signing verification and authentication for firmware updates opens the door to information disclosure, remote code execution, denial of service and more.

Dell, HP Memory-Access Bugs Open Attacker Path to Kernel Privileges

The manufacturers have issued BIOS updates to address the issues, but researchers warn DMA attacks are likely possible against a range of laptops and desktops.