Large-Scale, Automatic XSS Detection using Google Dorks

XSS Attacks continue to be prevalent today, not only because XSS sanitization is a hard problem in richformatting contexts, but also because there are so many potential avenues and so many uneducated developers who forget to sanitize reflected content altogether. In this paper, we present Gd0rk, a tool which employs Google’s advanced search capabilities to scan for websites vulnerable to XSS. It automatically generates and maintains a database of parameters to search, and uses heuristics to prioritize scanning hosts which are more likely to be vulnerable. Gd0rk includes a highthroughput XSS scanner which reverse engineers and approximates XSS filters using a limited number of web requests and generates working exploits using HTML and JavaScript context-aware rules. The output produced by the tool is not only a remarkably vast database of vulnerable websites along with working XSS exploits, but also a more compact representation of the list in the form of google search terms, whose effectiveness has been tested during the search. After running for a month, Gd0rk was able to identify more than 200.000 vulnerable pages. The results show that even without significant network capabilities, a large-scale scan for vulnerable websites can be conducted effectively.