Intro :
There are plenty of tools that assist you in finding XSS holes . Somtimes , automated tools (a.k.a fuzzers) return false positive results. Make sure you always verity the results from fuzzer reports after scanning is done .
Tool Descripting :
It's capabale of finding both XSS and SQLinjection vulnerabilities. IT Does web crawling , gets all the GETs and POSTs , and then fuzz them with 'SQlinjection' and 'XSS' triggers.
Objective :
To automate finding XSS hole on particular web site quickly
_________________________________________________________________________
Let's Get Started .....
Steps :
1. cd /pentest/web/sqlinject-1.1/
2. ./sqlinject.py -h host -p port -t target
(e.g ./sqlinect.py -h 192.168.10.1 -p 80 -t /vulnerable_pages/xssed.php
__________________________________________________________________________
It's easy , right ? :D
0 comments:
Post a Comment