How to detect JavaScript Vulnerabilities

In this tutorial I will show you how to detect javascript vulnerabilities on websites using a very simple tool called DSJS.

This script was built on python and you can download it from GitHub:
https://github.com/stamparm/DSJS

Damn Small JS Scanner (DSJS) is a fully functional JavaScript library vulnerability scanner. The scanner works by detecting vulnerabilities based on version of several javascript libraries as the following: angularjs, backbone, dojo, easyXDM, ember, handlebars, jPlayer, jquery, jquery-migrate, jquery-mobile, jquery-ui-autocomplete, jquery-ui-dialog, jquery-ui-tooltip, jquery.prettyPhoto, mustache, plupload, prototypejs, sessvars, YUI.

Vulnerable

As of optional settings it supports HTTP proxy together with HTTP header values User-Agent, Referer and Cookie.

Sample runs

This kind of vulnerabilities let you perform Cross-Site Scripting (XSS) through those websites. We will cover XSS in another tutorial.

Leave a comment