Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications that enables attackers to inject client-side script into Web pages viewed by other users.
A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy. Cross-site scripting carried out on websites accounted for roughly 80% of all security vulnerabilities documented by Symantec as of 2007. The effect of these vulnerabilities may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site's owner.
XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications.
It contains several options to try to bypass certain filters, and various special techniques of code injection.
XSSer Features
* Added “final remote injections” option
* Cross Flash Attack!
* Cross Frame Scripting
* Data Control Protocol Injections
* Base64 (rfc2397) PoC
* OnMouseMove PoC
* Browser launcher
* New options menu
* Pre-check system
* Crawler spidering clones
* More advanced statistics system
* “Mana” output results
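
The filter-bypass options and the OnMouseMove and Base64 (rfc2397) items above matter to defenders because a filter that only strips known-bad strings leaves other injection contexts open. The following is an added example, not code from this post or from the XSSer project: it compares a blocklist filter with output encoding and a URL scheme allowlist. All function names are hypothetical and the sample inputs are constructed.

```python
import html
import re
from urllib.parse import urlsplit

# Constructed sample inputs (not taken from XSSer or from this post).
SAMPLES = {
    "event_handler": '<img src=x onmousemove="alert(1)">',
    "data_uri": "data:text/html;base64,AAAA",
}

def blocklist_filter(value: str) -> str:
    """Weak control: delete <script> tags and the javascript: scheme only."""
    value = re.sub(r"(?is)<\s*/?\s*script[^>]*>", "", value)
    return re.sub(r"(?i)javascript:", "", value)

def encode_for_html(value: str) -> str:
    """Output encoding for HTML text and quoted-attribute contexts."""
    return html.escape(value, quote=True)

ALLOWED_SCHEMES = {"http", "https"}  # assumption: only absolute web links are wanted

def safe_url(value: str) -> str:
    """Allowlist the scheme before a value is placed in href/src."""
    cleaned = re.sub(r"[\x00-\x20]+", "", value)  # drop whitespace/control chars
    try:
        scheme = urlsplit(cleaned).scheme.lower()
    except ValueError:
        return "#"
    return encode_for_html(cleaned) if scheme in ALLOWED_SCHEMES else "#"

def render_comment(text: str, link: str, harden: bool) -> str:
    """Build the same HTML fragment with the weak or the hardened handling."""
    if harden:
        return f'<p>{encode_for_html(text)}</p><a href="{safe_url(link)}">link</a>'
    return f'<p>{blocklist_filter(text)}</p><a href="{blocklist_filter(link)}">link</a>'

if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        print(name)
        print("  blocklist:", render_comment(sample, sample, harden=False))
        print("  hardened: ", render_comment(sample, sample, harden=True))
```

The blocklist passes both samples through unchanged, while the hardened path renders the markup as inert text and replaces the non-http(s) link with `#`.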
source:http://linuxpoison.blogspot.com/2011/10/13578167753139.html