WebCruiser Web Vulnerability Scanner(©¶´É¨Ã蹤¾ß) v3.5.4 Ãâ·ÑÂÌÉ«°æ

WebCruiser Web Vulnerability ScannerÊÇÒ»¿îСÇɵ«¹¦ÄÜÇ¿´óµÄWebÓ¦Ó鶴ɨÃèÆ÷£¬Äܹ»¶ÔÕû¸öÍøÕ¾½øÐЩ¶´É¨Ã裬²¢Äܹ»¶Ô·¢Ïֵĩ¶´£¨SQL×¢È룬¿çÕ¾½Å±¾£©½øÐÐÑéÖ¤£»ËüÒ²¿ÉÒÔµ¥¶À½øÐЩ¶´ÑéÖ¤¡£ ÐèÒªµÄÅóÓÑÃÇ¿ÉÒÔÏÂÔØÊÔÊÔ°É£¡

WebCruiserÊÇÒ»¿îºÃÓõÄweb©¶´É¨Ã蹤¾ß£¬Äܹ»¶ÔÓû§µÄÍøÕ¾½øÐЩ¶´É¨Ã裬²¢ÇÒÄܹ»¶Ô·¢Ïֵĩ¶´½øÐÐÑéÖ¤£¬Ò²¿ÉÒÔµ¥¶À½øÐЩ¶´µÄÑéÖ¤£¬ÎªÓû§µÄÍøÕ¾°²È«Ìṩ°ïÖú¡£WebCruiserÄܹ»É¨ÃèSQL×¢È루SQL×¢È룩£¬ Cross Site Scripting£¨¿çÕ¾£©£¬ Local File Inclusion£¨±¾µØÎļþ°üº¬£©£¬ Remote File Inclusion£¨Ô¶³ÌÎļþ°üº¬£©£¬ Redirect£¨Öض¨Ïò£©£¬ Obsolete Backup £¨¿ÉÄܵ¼ÖÂÐÅϢй¶µÄ¡¢¹ýʱµÄ±¸·ÝÎļþ£©µÈµÈ£¬²¢ÇÒֻɨÃèÖ¸¶¨µÄ©¶´ÀàÐÍ£¬ÕâÊÇÆäËûµÄɨÃ蹤¾ß²»¾ß±¸µÄ£¬¶øÇÒÕâÖÖ·½Ê½¶ÔÓÚ·Ö¹¤ºÏ×÷¹¤×÷ÊǷdz£²»´íµÄ¡£

ÔËÐÐƽ̨£ºWindows with .Net FrameWork 2.0»òÒÔÉÏ¡£

Èí¼þ¹¦ÄÜ

ÍøÕ¾ÅÀ³æ£¨Ä¿Â¼¼°Îļþ£©£»
©¶´É¨Ã裨SQL×¢È룬¿çÕ¾½Å±¾£©£»
©¶´ÑéÖ¤£¨SQL×¢È룬¿çÕ¾½Å±¾£©£»
SQL ServerÃ÷ÎÄ/×ֶλØÏÔ/äע£»
MySQL×ֶλØÏÔ/äע£»
Oracle×ֶλØÏÔ/äע£»
DB2×ֶλØÏÔ/äע£»
Access×ֶλØÏÔ/äע£»
¹ÜÀíÈë¿Ú²éÕÒ£»
GET/Post/Cookie ×¢È룻
ËÑË÷ÐÍ×¢ÈëÑÓʱ£»
×Ô¶¯´Ó×Ô´øä¯ÀÀÆ÷»ñÈ¡Cookie½øÐÐÈÏÖ¤£»
×Ô¶¯ÅжÏÊý¾Ý¿âÀàÐÍ£»
×Ô¶¯»ñÈ¡¹Ø¼ü´Ê£»
¶àỊ̈߳»
¸ß¼¶£º´úÀí¡¢Ãô¸Ð´ÊÌæ»»/¹ýÂË£»
±¨¸æ£»

ʹÓý̳Ì

ÊäÈëÍøÖ·£¬»òÕßÐèҪɨÃèµÄURL¡£
WebCruiser - Web©¶´É¨ÃèÆ÷ÌṩÁË3ÖÖɨÃèģʽ:
ScanURL£¨É¨ÃèURL£©: ֻɨÃèÖ¸¶¨µÄURL£¨µØÖ·£©.
ScanPage£¨É¨ÃèÒ³Ã棩: ֻɨÃèÖ¸¶¨µÄÒ³Ãæ¼°¸ÃÒ³ÃæÄÚµÄÁ´½Ó£¬Èç¹ûÒ³ÃæÄÚµÄÁ´½ÓλÓÚÆäËüĿ¼ÏÂÔòÌø¹ý.
ScanSite£¨É¨ÃèÍøÕ¾£©: ɨÃèͬһÓòÃûϵÄÕû¸öÍøÕ¾£¬Èç¹ûÁ´½ÓÊôÓÚÆäËüÓòÃûÔòÌø¹ý.
Ñ¡Ôñ×îÊʺÏ×Ô¼ºÐèÇóµÄÒ»ÖÖ£¬µã»÷ÓÒÉϽǵÄɨÃè°´Å¥Æô¶¯¡£

1¡¢´ò¿ª¹¤¾ßÔÚURL´¦ÊäÈëÍøÕ¾µØÖ·£¬µã»÷scansite°´Å¥¡£

2¡¢É¨Ãè½á¹ûÖÐÑ¡ÖÐ×¢ÈëÁ´½Ó£¬ÓÒ¼üµã»÷ºó£¬Ñ¡ÖÐSQL injection poc¡£

3¡¢×¢Èë³É¹¦ºó£¬×ó²àPOCÑ¡ÖÐSQL injection£¬µã»÷get environment information »ñÈ¡·þÎñÆ÷»·¾³ÐÅÏ¢¡£

4¡¢µã»÷database±êÇ©£¬Ñ¡Ôñget_current-db_onlyµã»÷Ï·½database°´Å¥,Ö»»ñÈ¡±¾Õ¾µãÊý¾Ý¿â£¬Ñ¡Ôñget_ALL_DB£¬µã»÷database£¬»ñÈ¡Õû¸ö·þÎñÆ÷ÉÏËùÓÐÊý¾Ý¿â£¬ÒÀ´Îµã»÷table£¬column£¬data£¬µÈ°´Å¥£¬¿ÉÒÔ»ñÈ¡Êý¾Ý¿âÖÐËùÓÐÐÅÏ¢¡£