Tool and Usage
XXSER leverages the execution of arbitrary code on the web server when an administrative user inadvertently triggers a hidden XSS payload.
This tools helps to get from XSS to Remote Code Execution (RCE). Custom tools and payloads integrated with Metasploit's Meterpreter in a highly automated approach can be used.
Usage and audience
XSSER is commonly used for penetration test or security assessment. Target users for this tool are pentesters and security professionals.
- + The source code of this software is available
History and highlights
- Demoed at Black Hat Europe 2015
- Demoed at Black Hat Europe 2016
Author and Maintainers
XSSER is under development by Hans-Michael Varbaek.