XCode SQLI/LFI/XSS Vulnurable & webshell Scanner
Download XCode Exploits Scanner [re-patch September 2011]
USAGE:
Once downloaded, extract all the files and run XCodeXploitScanner.exe, insert your dork, Click Dork It and it will collect links from Dork you enter and displays the list. after displaying List, you will be able to conduct SQL injection vulnerability scanning / Local File Inclusion / Cross Site Scripting on the web that is in the list. This tool will send the injection parameters to the web as’ – * /../../../../../../../../../../../../. . / .. / etc / passwd% 00 “> alert (” XSS Xcode Exploit Scanner detected “). If the Web has a bug then the status will appear: www.target.com?blabla.php?=1234: SQLi Vulnerable.
www.target.com?blabla.php?=1234/../../../../../../../../../../../../. . / .. / etc / passwd% 00 LFI Vulnerable
www.target.com?blabla.php?=1234 “> alert (” XXS Xcode Exploit Scanner Detected “) XSS Vulnerable
At the status list is detected, you can click Open Vuln Link with Browser to display on your browser
This tool also adds webshell hunter, where you can search the web shell C99, R57, C100, ITsecteam_shell, b374k, which had been uploaded by the hackers.
Perhaps there are many shortcomings or bugs are not known by the author. But at least this tool you can make it easier to find targets.
Hopefully Helpful
PENGGUNAAN
Setelah download, ekstrak semua filenya dan jalankan XCodeXploitScanner.exe, Klik Dork It dan Tool ini akan mengumpulkan Link dari Dork yang anda masukkan kemudian menampilkan listnya. setelah selesai menampilkan List, Anda akan bisa melakukan scanning kerentanan SQL injection/Local File Inclusion/Cross Site Scripting pada web yang ada di list. Tool ini akan mengirimkan parameter injeksi ke web seperti ‘ – * /../../../../../../../../../../../../../../etc/passwd , “>alert(“XSS DETECTED XCode Exploit Scanner”) . Jika Web tersebut memiliki bug maka di status akan muncul : www.target.com?blabla.php?=1234 : SQLi Vulnerable.
www.target.com?blabla.php?=1234/../../../../../../../../../../../../../../etc/passwd LFI Vulnerable
www.target.com?blabla.php?=1234″>alert(“XXS DETECTED XCode Exploit Scanner”) XSS Vulnerable
Pada status list yang terdeteksi, anda bisa klik Open Vuln Link with Browser untuk menampilkan web pada browser anda
Tool ini juga menambahkan webshell hunter, dimana anda bisa mencari web shell c99, r57, c100, ITsecteam_shell, b374k, yang telah diupload oleh hacker.
Mungkin masih banyak kekurangan atau Bug yang belum diketahui oleh penulis. Tapi setidaknya tool ini bisa mempermudah anda untuk mencari target.
Semoga Berguna
Screen Shot
LFI Vulnerable
Web Shell Hunter
================================================================
Tidak ada komentar:
Posting Komentar