Update XSSmh v-0.2 – a configurable Cross-Site Scripting injection testbed.

Our Post Before : http://www.seclist.us/2012/05/xssmh-v-01-configurable-cross-site.html

ScreenShot

Changelog v0.2 :

  • Added custom blacklisting options
  • Removed one-off blacklisting options
  • Removed persistent XSS page
  • Changed reflected XSS page to just XSS page
  • Added persistent option to XSS page
  • Added pxss.html file to tree to fix bug
  • Added two challenges
INTRODUCTION
==============
***WARNING: XSSmh IS INTENTIONALLY VULNERABLE. DO NOT USE ON A  PRODUCTION WEB SERVER. DO NOT EXPOSE XSSmh IN AN UNTRUSTED ENVIRONMENT.***

XSSmh is a configurable Cross-Site Scripting injection testbed. XSSmh allows you to exploit Cross-Site Scripting flaws, but furthermore allows a large amount of control over the manifestation of the flaws.

XSSmh is based on the idea of SQLol, an earlier release which allows for SQL injection exploitation.

REQUIREMENTS
==============
PHP 5.x
Web server

USAGE
======
Place the XSSmh source files on your Web server and open in a Web browser.

Download :
Zipball  or Tarball

Read more in Here : http://www.trustwave.com or mailing List With Daniel Crowley dcrowley@trustwave.com