hi ron


alv....@gmail.com

Dec 12, 2013, 6:34:22 AM
to jsql-in...@googlegroups.com

Can you add website scanning/spidering? I mean spidering a domain of a particular site for SQL injection attack holes and LFI attacks; it can also include XSS attacks

and custom payloads from the user.

ron190jSQL

Dec 15, 2013, 11:49:32 AM
to jsql-in...@googlegroups.com, alv....@gmail.com
Hi Alv, I agree. I see some pages/posts/tweets popping up here and there on the web talking about the tool, so it's slowly growing, but I don't get feedback very often (except yours, thank god xD!).
I'll try to make sharing with people a bit easier; I recently opened Twitter and blog pages:
https://twitter.com/ron190jsql
http://ron190blog.wordpress.com/
Well, I'm not very used to the social media thing yet, so for the moment I'm not very concerned with page design and IT template.

Anyway, adding spidering to the tool is a good idea. Until now I considered this feature very complex; considering that I've used tools like HTTrack before and it wasn't very effective every time, I left the idea until now.
I'll try to include it on the TODO list, the screenshots you provided should help ;) (however I only see binary .class files, no raw .java source :\)

For the moment I see LFI as a series of predefined path tests and an XSS attack as posting JavaScript code. I can't think of a proper algorithm for both without building a spider first, so it's a lot of work and testing.

Also, there are other features on the TODO list, like command line execution (like sqlmap), dorking or JUnit testing, so if there are Java developers who want to join for this mass of work, contact me.

On Thursday, December 12, 2013 11:41:49 AM UTC+1, Alvin John wrote:
> Hi
>
> Your jSQL is now becoming more popular day by day. I am suggesting you add this feature in your next release, which I am sure you are working on this holiday.
> Please consider adding WEB SPIDERING / SCANNING SITE FOR SQL INJECTION AND FILE INCLUSION
> and also custom payloads added by the user
>
> Thank you, Ron, for your time