Download XCode Exploits Scanner [re-patch September 2011]
USAGE:
Once downloaded, extract all the files and run XCodeXploitScanner.exe, insert your dork, Click Dork Itand it will collect links from Dork you enter and displays the list. after displaying List, you will be able to conduct SQL injection vulnerability scanning / Local File Inclusion / Cross Site Scripting on the web that is in the list. This tool will send the injection parameters to the web as’ – * /../../../../../../../../../../../../. . / .. / etc / passwd% 00 “> alert (” XSS Xcode Exploit Scanner detected “). If the Web has a bug then the status will appear: www.target.com?blabla.php?=1234: SQLi Vulnerable.
www.target.com?blabla.php?=1234/../../../../../../../../../../../../. . / .. / etc / passwd% 00 LFI Vulnerable
www.target.com?blabla.php?=1234 “> alert (” XXS Xcode Exploit Scanner Detected “) XSS Vulnerable
At the status list is detected, you can click Open Vuln Link with Browser to display on your browser
This tool also adds webshell hunter, where you can search the web shell C99, R57, C100, ITsecteam_shell, b374k, which had been uploaded by the hackers.
If the list of “Google results” do not bring results, you can try some tricks
[1] change the search path from “/cse?FORID:1&q=” to “/search?Q=“
[2] Click “Show Captcha“, fill in the code.
[3] change the google domain, example: from com to co.id , com.br, fr, co.th, com.ch or etc
Post a Comment