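-- NSE script header: description text, NSEdoc usage block, script metadata and
-- the HTTP library import, restored to one statement per line. On a single
-- physical line the "---" NSEdoc marker comments out every statement that
-- follows the description (author, license, categories, require).
--
-- Reading a finding: a hit means the page reflects $_SERVER["PHP_SELF"] into
-- its output without encoding. The server-side fix is to HTML-encode that
-- value before printing it (e.g. htmlspecialchars) or to stop echoing it.
description = [[
Crawls a web server looking for PHP files vulnerable to PHP_SELF cross site scripting vulnerabilities.
This script crawls the index file in the webserver to create a list of PHP files and then sends an attack vector/probe to all of them to identify PHP_SELF cross site scripting vulnerabilities.
PHP_SELF XSS refers to xss vulnerabilities caused by the lack of sanitation of the variable $_SERVER["PHP_SELF"]
The attack vector/probe used is ">"/<()'"
]]

---
-- @usage
-- nmap -p80,443 --script phpself-xss <target>
--
-- @output
--

author = "Paulino Calderon"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"

-- "intrusive": per the description, the script sends a probe string to every
-- PHP file it finds while crawling, so it generates active requests rather
-- than passively reading banners. "vuln": it reports a specific weakness.
categories = {"vuln", "intrusive"}

-- Keep the table returned by require in a local instead of relying on the
-- library registering a global named `http`; presumably the rest of the
-- script refers to it as `http` (not visible here, confirm).
local http = require("http")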