Author Topic: Using a combination of online xss scanner and Intellitamper...  (Read 2664 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33598
  • malware fighter
Hi malware fighters,

It is rewarding to scan your  website against possible XSS holes - so here I found that there were holes here when scanned with : http://xss-scanner.com/index.php?  The examples are just imaginary....
Code: [Select]
url=http%3A%2F scanned site ^^^%2Fsave%2Fsave.asp%3Faction%3Dchklogin%26nocode%3Dtrue%26pageid%3Dbuygwxt%3Fismember%3D%26ismember%3D%26usercard%3D%26userpassword%3D&method=POST and here:
Code: [Select]
url=http%3A%2F%2F0^^^scanned site %2Fsave%2Fsave.asp%3Faction%3Dordersave%3Fname%3D%26sex%3D%26sex%3D%26address%3D%26zipcode%3D%26tel1%3D%26tel2%3D%26tel3%3D%26mobile%3D%26email%3D%26QQ%3D%26xtid%3D%26xttypes%3D&method=POST
Now we could give this in to Intellitamper to probe, mind that this could tool be flagged by some scanners as a PUP (McAfee for instance), but is a very good exploration tool - http://download.softpedia.com/dl/bc6110726b35185e5fd662dc494ccdfa/4c3b69c1/100037377/software/internet/intellitamper_v2.07.exe
(Use it in a VM to prevent spills and bug abuse)

Good to find out what is really behind that website of yours,

polonus
« Last Edit: July 12, 2010, 09:22:36 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!