hozarares Posted July 29, 2010 (edited)

PuzlBox is a PHP fuzz tool that scans for several different vulnerabilities by performing dynamic program analysis. It can detect arbitrary command execution, local file inclusion, arbitrary upload, and several other types of vulnerabilities. In all, it can detect the following:

Arbitrary Command Execution
Arbitrary PHP Execution
Local File Inclusion
Arbitrary File Read/Write/Change/Rename/Delete
SQL Injection
Reflected Cross-site Scripting

Usage:

PuzlBox must be run as administrator!

puzlbox [-s Server (default localhost)] [-m Scan Modes (default CFLPSX)] [Absolute Web Root] [-n No Unhook] [Application Paths (comma delimited)]

Modes:

C – Arbitrary Command Execution
F – Arbitrary File Read/Write/Change/Rename/Delete
L – Local File Inclusion
P – Arbitrary PHP Execution
S – SQL Injection
X – Reflected Cross-site Scripting

Examples:

puzlbox c:\xampp\htdocs MyApp

Runs all scans on MyApp, located in web root c:\xampp\htdocs

puzlbox -m CX c:\xampp\htdocs MyApp1,MyApp2

Runs Arbitrary Command Execution and Reflected Cross-site Scripting scans on MyApp1 and MyApp2 located in web root c:\xampp\htdocs

Source: PenTestIT

Edited July 29, 2010 by hozarares gg

begood Posted July 29, 2010

http://rstcenter.com/forum/24523-puzlbox-1-0-0-0-php-fuzzer-tool.rst?highlight=PuzlBox

dupe