This is a short tutorial on finding stored XSS and HTML injections easily. HTML injections occur when input isn’t sanitized to check or remove code, thus allowing potentially malicious code to execute on a web […]
toxssin is an open-source penetration testing tool that automates the process of exploiting Cross-Site Scripting (XSS) vulnerabilities. It consists of an HTTPS server that works as an interpreter for the traffic generated by the malicious […]
Features: In its current state, it will only work with torrc MAX CIRCUIT DIRTINESS of 10. Cloudflare Resolver [Cloudbuster]; LFI->RCE and XSS Scanning [LFI to RCE & XSS]; SQL Injection Vuln Scanner [SQLi]; Extremely Large […]
DalFox is a fast, powerful parameter analysis and XSS scanner, based on a golang/DOM parser. Supports friendly Pipeline, CI/CD and testing of different types of XSS. I talk about naming. Dal(달) is the Korean pronunciation […]
Key features. Mode: url, sxss, pipe, file, server. Class: Discovery; Key Feature: Parameter analysis; Description: find reflected param; find alive/bad special chars, event handler and attack code; identification of injection points (HTML/JS/Attribute): inHTML-none, inJS-none, inJS-double, inJS-single […]
A powerful Chromium browser that finds XSS vulnerabilities automatically while you browse the web; it can detect many case scenarios, with support for POST requests too. Installation. Usage: Just browse the web like a normal web browser then […]
The MyBB Forum plugin Timeline version 1.0 is vulnerable to XSS (Cross-Site Scripting) and CSRF (Cross-Site Request Forgery) attacks.
Oracle Business Intelligence Enterprise Edition version 220.127.116.11.140715 is vulnerable to a stored cross-site scripting exploit.
An automation tool that scans sub-domains, checks for sub-domain takeover, and then filters out XSS, SSTI, SSRF and more injection point parameters. Requirements: Go Language, Python 2.7 or Python 3. System requirements: Recommended to run on VPS […]