
SyscOn started as a school project in Feb 2006 and I’ve been working on it from time to time ever since. It’s lousily written in PHP and allows you to remotely access, configure and monitor your WinXP box via a web interface. My mate Philipp and I also presented syscOn1 at a congress for students in Berlin last year.
PHP Scanner
This little tool scans PHP scripts for potentially vulnerable PHP functions and then traces back their parameters. With this you can easily see whether a parameter of a vulnerable function comes from user input. Additionally, PHP Scanner allows you to mark those lines in the source (bottom frame) and build custom CURL code to exploit the issues found.
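The sink-then-backtrace idea described above, as an added Python sketch; it is not PHP Scanner's own code. The sink and source lists, the function names and the sample script are assumptions made for illustration, and the trace is line-based: it ignores control flow, function boundaries and array-element assignments.

```python
import re

# Assumed lists for this sketch; a real scanner would cover many more.
SINKS = ("eval", "system", "exec", "passthru", "shell_exec", "mysql_query")
SOURCES = ("$_GET", "$_POST", "$_COOKIE", "$_REQUEST")

SINK_RE = re.compile(r"(?<![$\w>])(%s)\s*\((.*)" % "|".join(SINKS))
VAR_RE = re.compile(r"\$\w+")
ASSIGN_RE = re.compile(r"^\s*(\$\w+)\s*(\.?=)(?!=)\s*(.*)")

def trace(lines, idx, var, seen):
    """Walk upward from line index idx following assignments to var.
    Returns the assignment chain (source first) or None if no user input is reached."""
    for i in range(idx - 1, -1, -1):
        m = ASSIGN_RE.match(lines[i])
        if not m or m.group(1) != var:
            continue
        op, rhs = m.group(2), m.group(3)
        step = (i + 1, lines[i].strip())
        if any(s in rhs for s in SOURCES):
            return [step]
        rhs_vars = VAR_RE.findall(rhs)
        for v in rhs_vars:
            if v not in seen:
                chain = trace(lines, i, v, seen | {v})
                if chain:
                    return chain + [step]
        if op == "=" and var not in rhs_vars:
            return None  # plain assignment overwrites anything earlier
    return None

def scan(php_source):
    """Return (line, sink, chain) for every sink call whose argument reaches user input."""
    lines, findings = php_source.splitlines(), []
    for i, line in enumerate(lines):
        m = SINK_RE.search(line)
        if not m:
            continue
        sink, args = m.group(1), m.group(2)
        if any(s in args for s in SOURCES):
            findings.append((i + 1, sink, []))  # user input passed directly
            continue
        for var in VAR_RE.findall(args):
            chain = trace(lines, i, var, {var})
            if chain:
                findings.append((i + 1, sink, chain))
                break
    return findings

# Constructed sample input, not taken from any real application.
SAMPLE = "<?php\n$id = $_GET['id'];\n$limit = 10;\n$sql = \"SELECT * FROM users WHERE id = \" . $id;\n$sql .= \" LIMIT \" . $limit;\nmysql_query($sql);\n$cmd = \"uptime\";\nsystem($cmd);\neval($_POST['code']);\n"

if __name__ == "__main__":
    for lineno, sink, chain in scan(SAMPLE):
        print(lineno, sink, chain)
```

Each finding is a review lead rather than a confirmed bug: the sketch does not recognise sanitising calls such as casts or escaping functions between the source and the sink.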


Once I’ve fixed the major bugs and made the code a bit more readable, I’ll release them here.