Skip to content

@ssl ssl released this May 28, 2019 · 5 commits to master since this release

Thanks for using ezXSS. After I quit working on this project for more than a year, the new release is here.

Update log ezXSS 3.0:

  • Recoded the entire application
  • Fixed & cleaned some styling issues
  • Added back screenshots and option to disable
  • Added Local Storage and Session Storage in payload
  • Added direct share link for reports
  • And many more small features and improvements

If you have any feedback, suggestions or found a bug please let me know.

Execute this SQL to update from 2.x to 3.0:

INSERT INTO `settings` (`id`, `setting`, `value`) VALUES (NULL, 'screenshot', '0');

ALTER TABLE `reports` ADD `screenshot` LONGTEXT NULL DEFAULT NULL AFTER `archive`, ADD `localstorage` LONGTEXT NULL DEFAULT NULL AFTER `archive`, ADD `sessionstorage` LONGTEXT NULL DEFAULT NULL AFTER `archive`, ADD `shareid` VARCHAR(50) NOT NULL AFTER `id`;

UPDATE `reports` SET `shareid` = concat(
    lpad(conv(floor(rand()*pow(36,8)), 10, 36), 8, 0),
    lpad(conv(floor(rand()*pow(36,8)), 10, 36), 8, 0),
    lpad(conv(floor(rand()*pow(36,8)), 10, 36), 8, 0),
    lpad(conv(floor(rand()*pow(36,8)), 10, 36), 8, 0)
);
Assets 2

@ssl ssl released this Apr 3, 2018 · 19 commits to master since this release

Hey! Because of massive interests in ezXSS, I decided to release a small update.

  • Fixed an issue with reports not showing up
    • If you still have this issue, please check #10
  • Fixed an small parsing issue

I am currently busy with ezXSS 3.0, stay tuned!

Assets 2

@ssl ssl released this Nov 21, 2017 · 30 commits to master since this release

The great release with great new functions. It is here.

This version contains:

  • Fixed all small bugs and typos I could find.
  • You are now able to block a domain
  • Added a notepad to the dashboard. In case you need to save some info!
  • Share page is removed and now integrated on the reports page with a modal.
  • Archive reports that you don't want to see, but also don't want to delete.
  • Search page is removed and now fully integrated on the reports page.
  • Searching is now optimized, find things even better.
  • Added more payloads.
  • Added the setting to change your domain name for payloads.
  • Added API key. The API is not done, so you can not use it yet.

If you find any bugs or have a great idea, let me know! Next version with API and a new feature you would love (suggested by @dev) coming soon!

Assets 2

@ssl ssl released this Nov 9, 2017 · 44 commits to master since this release

ezXSS is a bit optimized. Some templates are removed and integrated into the framework.

  • Screenshots removed
  • Fixed an share issue

Screenshots are temporary removed. I noticed that on some sites the callback was not called because of an issue with making the screenshot. Will try to fix this soon.

Please leave any positive or negative feedback, it helps!

Assets 2

@ssl ssl released this Jun 12, 2017 · 57 commits to master since this release

The release of the first official ezXSS! Welcome to 2.0.

This version has a lot of new features and fixes, some of the main things:

  • A total new design, hopefully you like it :-)
  • The email design is also changed
  • Installation is now easier
  • Searching on the reports page
  • The way you delete reports is changed, and screenshots of reports are now also deleted
  • Removed username from logging in (password only)
  • Option to add Google's 2FA to the login
  • New favicon
  • A lot of small features added, updated or deleted
  • Cleaned up allot of code again

Please leave any positive or negative feedback, it helps!

Settings

Assets 2
Pre-release
Pre-release

@ssl ssl released this Apr 10, 2017 · 86 commits to master since this release

It is here, ezXSS version 1.6

What is fixed?

  • Fixed an HTTPS issue for some servers
  • Fixed/removed the index.js for some servers
  • Cleaned some CSS
  • Secret key is removed from sharing (I even found out you could bypass the secret key)
  • Filter tab removed to dashboard
  • Changed some design things in "All reports" and "Search"

What is added?

  • Custom JavaScript is here! Visit the payload page
  • Check more statics on the dashboard
  • Download latest ezXSS version from the dashboard

The next version will include even more great functions! Including ez installation and updating.

Assets 2
Pre-release
Pre-release

@ssl ssl released this Mar 28, 2017 · 96 commits to master since this release

Here it is: ezXSS v1.5

What is changed?

  • Cleaned up some code
  • Now you can delete a report
  • Share a report easier with auto fill
  • Fixed an password changing issue where you could change the password without an correct current password
  • New CDN for jquery and bootstrap
  • Some small fixes

Soon I will release v1.6 with allot of new features.

Assets 2
Pre-release
Pre-release

@ssl ssl released this Mar 18, 2017 · 105 commits to master since this release

I'm happy to release ezXSS version 1.4. Added some great features and removed bad things.

  • Change DOM part setting and timezone on the Settings page
  • Removed https or http on Origin
  • Changed the max chars to show on All reports page to prevent long URI's.
  • Removed some unnecessary code
  • Option to filter reports that they do not save or alert if identical to a other report.
  • Added a new feature to share a report with a other ezXSS owner using domainname and a secretkey
  • All CSS and font's are now hosted on Github.
  • Some other small fixes

This is the first release that can be used in production. If you have any problems or ideas let me know.

Screenshot of sharing

Assets 2
Pre-release
Pre-release

@ssl ssl released this Mar 14, 2017 · 117 commits to master since this release

Some bug fixes and lightweight callback file.

  • The JS callback file is minified from 301765 to 43944 total characters. Load time can be up to 5 times faster.
  • Some bug fixes and typo fixes.

Next version will have (and currently in build):

  • Remove all not-used CSS because CSS is currently bigger than everything else combined
  • Add feature to share a report with a other ezXSS user with domain+secretkey
  • Option to block a domain because you get too many reports or not interested in the domain
  • Option that if report is 100% the same as a other report, do not safe/re-alert.
  • Max chars on report page for url (responsive fix)
  • Cleanup code in Components
  • Cleanup code overal, there is some bad-practice code thats need to be fixed
Assets 2
Pre-release
Pre-release

@ssl ssl released this Mar 12, 2017 · 129 commits to master since this release

Some bug fixes and a new feature.

  • Screenshots now upload on your host
  • Screenshot preview is send in the mail
  • On PHP7+ not all reports got saved because of a big image, this is now fixed with the new features.
  • /manage page is now HTTPS only, and cookies are HTTP only protected.
  • Last report stats on dashboard bugged if it was more then x seconds, this is fixed.

If you have any suggestions please let me know. Have fun with this new version :-)!

Assets 2
You can’t perform that action at this time.