Web Monitoring

FotoCurious

XSS and SQLi Scanner

Online XSS and SQLi Scanner for PHP projects

Find Monitoring

Website monitoring, shell detector

HTML Validator

Simple HTML Validator, only unclosed tags will be checked

Last News

Vulnerability statistics for 2011

The year 2011 has ended, so the data can now be collected and analyzed. During a scan, the scanner logs the size of each file and the number of discovered vulnerabilities, and there is a counter of scans as well.

Here are the figures for 2011:

The number of scans was 13.143, the amount of trusted code was 7,122,421,827 bytes, and the number of discovered vulnerabilities was 35.545.

Simple arithmetic gives 2.7 vulnerabilities per scan or, in other words, one vulnerability for every 200.377 bytes of code.

Find Ads - new service of advertising exchange


Five friends had a meeting. The first one juggled, the second sang a song, the third told a joke, the fourth recited a poem and the fifth showed his collection of stamps. What came of it? Each of them entertained the friends once and, in turn, was entertained four times. Our advertising exchange system works on the same principle.

The advertising exchange service is completely free. For each advertisement block shown, which has the form:

 

Ad exchange
Ad Ad Ad Ad Ad

 

you get up to 5 impressions of your own advertisement in the same block. Why up to 5? This is a temporary inconvenience: the system does not yet connect two dozen sites (besides, there are the costs of the system).

In addition, the system allows ad impressions to be transferred from one unit to another, which makes it possible to promote new projects on the strength of already established ones. You can create and edit your own ad units, tailored to your site. Clicks on your ads, as well as on the advertising in the block on your site, are counted and displayed on the stats page.

According to the experience of showing this system to friends, they all say: “Oh, so it is a pyramid!” No! This is not a pyramid! Here is a good example for 3 users:

The first shows ads:

Ads of the second and ads of the third

The second shows ads:

Ads of the first and ads of the third

The third shows ads:

Ads of the first and ads of the second

Now you can count for yourselves how many times each advertisement is shown and how many times each user's own advertising is displayed. As you can see, each showed the ad one

A new version of the scanner 0.4.0


There are two pieces of news, and you may choose which to begin with. The first is a new version of the scanner, and the second is the scanner's transition to a paid mode. Well, perhaps we should start with the latter.

Paid mode works as follows. Only the general scan report is available free of charge. The numbers of Errors (XSS and SQL Injection) and Warnings (starting with version 0.4.0, these should be treated with the same attention as Errors) are provided. The size limit of the ZIP archive for scanning remains unchanged: up to 10Mb. To view the full scan report once, you need to send an SMS (the price is symbolic). The option of getting VIP status (for one-day and 3-day scanning) remains. You have to register and make a payment via SMS or PayPal. The referral system continues to operate. You will receive 1 day of VIP for each user. You should have no problems with your VIP status if you place your referral link on your site or forum. The referral link is in your account profile.

The site MySQL.com has been hacked


If you have already read our funny and absurd story, you may have noticed that we didn’t mention any names. The heroes of today’s news, on the other hand, are probably well known to the whole world. Romanian hackers TinKode and Ne0h hacked the MySQL.com and Sun.com sites. Moreover, the hack was performed by means of that very SQL Injection which our website is specifically meant to fight!

Thanks to this vulnerability, the hackers obtained a list of the databases and table contents used by this resource, as well as the tables containing users’ info: their logins and passwords.

Furthermore, back in January an XSS vulnerability had already been discovered on the authoritative MySQL.com website, which made it possible to attack the site using cross-site scripting.

New Version 0.3.3

In the past month the core of the scanner has been upgraded from 0.3.0 to 0.3.3. In versions 0.3.1 and 0.3.2 only the core optimization was changed. In version 0.3.3 some important changes have taken place. In the report interface, the name of the variable which makes the code vulnerable has been added. This is a big help in fixing the problem. The occurrence of Warning statuses is now reduced by 90%. As a reminder, a Warning status marks something that the scanner hasn’t been able to track down but could not classify as safe code either. The quantity and the relevance of detected vulnerabilities have increased by 10-20%.

Funny and absurd story

Our scanner is very popular among site owners whose sites are built on an open-source CMS, which stands to reason. Once, the owner of such a site used our services and, when he found lots of vulnerabilities, wrote about it, somewhat indignant, on the forum of the CMS developers. It would have made sense if the developers had verified the accuracy of the comments, removed the vulnerabilities (we found over 700! XSS vulnerabilities and SQL injections) and thanked their client for notifying them in a timely way. But the CMS developers (whose names we will leave undisclosed), without even taking the trouble to check whether their client was right or not, came to the conclusion that no scanner can possibly find any vulnerabilities. We didn’t try to prove them wrong on the forum. But we feel sincerely sorry for such self-confident developers and even more for their trusting clients. This example is purely educational: don’t repeat this mistake, check your project. What do you have to lose? The scan takes 2 minutes. Maybe you will spend one more minute opening a file with one of the detected vulnerabilities and verifying whether the scanner has made an error or not. Check and see for yourself!

Copyright © 2010 - 2024 Find-XSS.net