Scrubbr: Stored XSS flaw finder

The HP Security Labs blog is pointing to a new database scanning tool called “Scrubbr” that can help check numerous database technologies for the presence of possible stored cross-site scripting attacks. 

The HP Security Labs blog is pointing to a new database scanning tool called “Scrubbr” that can help check numerous database technologies for the presence of possible stored cross-site scripting attacks. 

Scrubbr (download here) is described a Java program which connects to your database (MySQL 5+, MS SQL 2005+, and Oracle) directly and analyzes databases or specific tables looking for XSS strings. The strings are defined via an XML — it comes with files from the OWASP AntiSamy project, but can be customized as needed.

Suggested articles

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.