README - screamingCSS v1.00 - January 12 2002 by David deVitry security devitry.com This program is simple a modified screamingCobra with a

screamingCSS v1.00 -- < January 12, 2002 >by David deVitry[ [email protected] ]This program is simple a modified screamingCobra witha simple detector for Cross Site Scripting vulnerablities.See:A clean result from this program does not mean that a siteis free from CSS and a positive result should be tested byhand.Requirementswget and perl5replace screamingCobra with screamingCSS for now.------------------ Original README -----------------------screamingCobra v1.03 -- < January 11, 2002 >by Samy Kamkar [[email protected]]usage: screamingCobra.pl [-e] [-i] [-s|-v] <>[:port][/start/page]========================= TABLE OF CONTENTS =========================1. What is screamingCobra2. What screamingCobra does3. Why was screamingCobra written4. Configuring screamingCobra5. Command-line options6. Vulnerabilities found in popular sites7. Supported Operating Systems=======================_____________________________1. __ WHAT IS SCREAMING COBRA __=============================Any CGI that doesn't check arguements that are passed to itover the web are possibly vulnerable to attacks which allowa malicious user get read access to almost any file on thatsystem, if not access to execute programs.screamingCobrais almost always able to find those bugs REMOTELY due tothe common errors programmers make.screamingCobra is an application for remote vulnerabilitydiscovery in ANY UNKNOWN web applications such as CGIs and PHPpages.Simply put, it attemps to find vulernabilities in allweb applications on a host without knowing anything about theapplications.Modern CGI scanners scan a host for CGIswith known vulnerabilities.screamingCobra is able to 'find'the actual vulnerabilities in ANY CGI, whether it has beendiscovered before or not.