Location:
Search - xss
Search list
Description: 国外网站找的关于Xss攻击的文档,具有一定的参考价值
-overseas sites to find Xss attacks on the document, with some reference value
Platform: |
Size: 6192128 |
Author: hb6106 |
Hits:
Description: Google 推出一套免費的 Web 安全評估工具,叫做 ratproxy,這套工具可以檢測、分析您的網站是否有安全性漏洞或網頁是否有被入侵,目前可支援 Linux, FreeBSD, MacOS X, 與 Windows (Cygwin) 等執行環境(反正就是 Unix-like 的環境啦)。
RatProxy 可偵測到的漏洞包括 Cross-site Scripting (XSS, 跨網站指令碼)、指令碼惡意置入(script inclusion issues), 惡意網頁內容(content serving problems), insufficient XSRF 以及 XSS 防護(XSS defenses) 等。-Google introduced a free Web security assessment tool, called ratproxy, this tool can detect, analyze whether your site has security vulnerabilities or whether the page has been compromised, currently supports Linux, FreeBSD, MacOS X, and Windows (Cygwin ), such as the implementation of the environment (in any case is the Unix-like environment for you). RatProxy can be detected vulnerabilities including Cross-site Scripting (XSS, cross-site scripting), placed malicious script (script inclusion issues), malicious Web content (content serving problems), insufficient XSRF and XSS protection (XSS defenses) and so on.
Platform: |
Size: 167936 |
Author: 张先国 |
Hits:
Description: asp.net系统,防止XSS攻击的实例程序-asp.net application, anti-XSS attack example program
Platform: |
Size: 28672 |
Author: danny |
Hits:
Description: The Cross Frame Scripting 翻译-The Cross Frame Scripting
Platform: |
Size: 924672 |
Author: 鞍山地方 |
Hits:
Description: 基于JAVA的漏洞检测开源软件,可检测web网站的SQL注入和XSS漏洞。-JAVA-based open source vulnerability detection software, web sites can detect SQL injection and XSS vulnerabilities.
Platform: |
Size: 6024192 |
Author: yunzhong |
Hits:
Description: 最好的xss跨站源码,本人测试多次,均非常成功截获用户的cooick和账号密码,跨站最佳工具-The best xss cross-site source code, I tested many times, are very successfully intercepted the user cooick and account password, the best tool for cross-site
Platform: |
Size: 2279424 |
Author: winjia |
Hits:
Description: Cross Site Scripting
Platform: |
Size: 1595392 |
Author: Lambert Leonard |
Hits:
Description: PSTZine_0x03_0x04--突破XSS字符数量限制执行任意JS代码-PSTZine_0x03_0x04- break XSS character limit on the number to execute arbitrary code in JS
Platform: |
Size: 90112 |
Author: anglewings |
Hits:
Description: 介绍了跨站脚本的基本知识,会对你产生很好的帮助作用。-Describes the basic knowledge of cross-site scripting, will help you produce a good effect.
Platform: |
Size: 567296 |
Author: 赵强 |
Hits:
Description: JSkyv1.0汉化版,Web漏洞的网站安全综合检测工具 :
SQL注入(SQL Injection ) 跨站脚本(XSS ) 不安全的对象引用(Unsecure object using ) 本地路径泄露(Local path disclosure ) 不安全的目录权限(Unsecure directory permissions ) 服务器漏洞如缓冲区溢出和配置错误(Server vulnerabilities like buffer overflow and configure error) 敏感目录和文件扫描(Possible sensitive directories and files scan ) 备份文件扫描(Backup files scan ) 源代码泄露(Source code disclosure ) 命令执行(Command Execute ) 文件包含(File Include ) Web木马后门(Web backdoor ) 敏感信息(Sensitive information ) -JSkyv1.0 Chinese Version, Web site security vulnerability detection tools integrated: SQL injection (SQL Injection) Cross-site scripting (XSS) secure the object reference (Unsecure object using) local path disclosure (Local path disclosure) insecure directory permissions (Unsecure directory permissions) server, such as buffer overflow vulnerabilities and configuration errors (Server vulnerabilities like buffer overflow and configure error) sensitive directory and file scanning (Possible sensitive directories and files scan) scan backup files (Backup files scan) source code leaked (Source code disclosure) command (Command Execute) file that contains (File Include) Web Trojan back door (Web backdoor) sensitive information (Sensitive information) and so on ......
Platform: |
Size: 6307840 |
Author: 李大海 |
Hits:
Description: XSS攻击与防御的论文,最近在研究这个,不知道有高手没,可以交流下-XSS attack and defense of the thesis, a recent study this, do not know no master, under the exchange
Platform: |
Size: 669696 |
Author: 仙豆 |
Hits:
Description: 还是关于XSS的资料,网上这方面的资料和论文还真找,先分享了再说-Or information on XSS, online information and papers in this area really looking for, shared the first to say
Platform: |
Size: 532480 |
Author: 仙豆 |
Hits:
Description: 利用mail.139.com,由于对邮件正文过滤不严,导致存在xss漏洞来触发浏览器去读取远端的js脚本,并且执行该脚本。该脚本能够在IE浏览器执行。
同时,经过分析发现,mail.139.com中发送邮件的功能存在CSRF弱点 可以通过Ajax技术获取发送邮件所需要的mid值。另外邮箱的“通信录 “中的联系人邮件可以直接通过javascript取出。-Using mail.139.com, due to lax message body filtering, leading to xss flaw exists to trigger browser to read the remote js script, and execute the script. The script can IE browsers. Meanwhile, after analysis, mail.139.com send mail function in the presence CSRF vulnerability can send mail through the Ajax technology needed for mid value. Another mailbox " address book" in the contact e-mail can be removed directly through the javascript.
Platform: |
Size: 3072 |
Author: 圣域冰皇 |
Hits:
Description: 基于JS的XSS扫描器——XSS Rays.
最近The Spanner发布了一个名为XSS Rays的 XSS漏洞扫描器。这tool有点意思,是使用JS写的,JS遍历目标的link、form,然后构造测试用例去测试,可以发现DOM的XSS(当然是在测试用例打对了的情况下)。它的调用方式也特别,在要测试的页面输入javascript:等代码引入JS就好了,然后由引入的JS负责抓去url和测试。
这种思路非常值得学习。小规模单兵作战可以,大规模的话估计效率不高。当然,我觉得要解决DOM XSS最终还是要靠JS引擎-The XSS scanner based on JS- XSS Rays. The Spanner released recently called XSS Rays of the XSS vulnerability scanner. This tool bit mean, is written using JS, JS traverse target link, form, and then construct test cases to test, you can find the DOM XSS (of course, is playing in the test case on the circumstances). It calls in particular ways, to test the page, enter in the javascript: and other JS code like the introduction, and then taken away by the responsible url JS introduced and tested. This idea is worth learning. Man operations to small-scale and large-scale, then estimate the efficiency is not high. Of course, I feel the need to solve the DOM XSS ultimately depend on JS engines
Platform: |
Size: 10240 |
Author: wowbellon |
Hits:
Description: cross site scripting xss (security)
Platform: |
Size: 610304 |
Author: mimi |
Hits:
Description: xss反射存储型的+csrf+html注入老网站的练习源码(Xss+csrf+html practice source code)
Platform: |
Size: 1243136 |
Author: oceanz |
Hits:
Description: xss漏洞测试源码的压缩包,直接放到IIS中即可使用(XSS vulnerability test source code)
Platform: |
Size: 6354944 |
Author: Ishmael |
Hits:
Description: 可以搭建属于自己的xss接收平台,新增了邮件和短信接收功能(You can build your own XSS receiving platform, adding mail and SMS receiving functions)
Platform: |
Size: 369664 |
Author: elegant_monster |
Hits:
Description: XSS平台最新版源码2020最新下载 功能齐全(XSS platform latest source code 2020 latest download function complete)
Platform: |
Size: 2205696 |
Author: exp007 |
Hits:
Description: 最新完善版XSS平台源码 【40多个模块】(The latest perfect version of the XSS platform source code [more than 40 modules])
Platform: |
Size: 493568 |
Author: redrose |
Hits: