|
Hi all readers=2C
Just releasing a very small tool I wrote called Durzosploit.
Durzosploit is a javascript exploits generator framework that works through the console. This goal of that project is to quickly and
easily generate working exploits for cross-site scripting vulnerabilities in popular web applications or web sites.
Please note that Durzosploit does not find browser vulnerabilities=2C it only is an framework containing exploits you can use.
More info can be found here: http://engineeringforfun.com/wiki/index.php/Durzosploit_Introduction
You can get it through the SVN: http://engineeringforfun.com/wiki/index.php/Durzosploit_SVN
At present there isn't many exploits:
(dz)> search exploits
twitter.com/update_status - Updates a target's status
twitter.com/update_settings - Updates your target's settings
facebook.com/what_is_on_your_mind - Write your message in your target's mind
drupal/edit_user_profile - Drupal 6.x - edit the profile of the user
drupal/logout - Drupal 6.x - makes target logout
(dz)>
My focus has been on the framework itself=3B allowing people to quickly write their exploits and adding some automated obfuscators (Deanedwards is in there).
I'll also use that email as a chance to give a quick update on Browser Rider. I am currently working on its API=2C a ruby client and a small firefox extension. I think Durzosploit will be a good addition to all of that.
Please email to benjilenoob(_at_)gmail.com if you have any questions=2C issues=2C bugs=2C ideas=2C contributions. I'll be happy to answer you ASAP.
have fun!
Benjilenoob
_________________________________________________________________
T=E9l=E9phonez gratuitement =E0 tous vos proches avec Windows Live Messenger=A0 !=A0 T=E9l=E9chargez-le maintenant !
http://www.windowslive.fr/messenger/1.asp