[转载]Excess (Webmail XSS tester)

原始出处：http://www.scanit.be/

Excess is a tool for testing webmail systems for persistent cross-site scripting vulnerabilities. It sends a number of HTML-formatted email messages to a specified email address. In order to test a webmail system you need to have an email account on the system, run this script to send messages to that account, and then view the received messages through the webmail interface. If you get a popup box saying "XSS" it means that your webmail system failed to block the attack.

http://www.scanit.be/uploads/excess.pl