The invention discloses a method and a system for testing vulnerabilities while a program is under attack, belonging to the field of network security. The method comprises: after the program to be analyzed is loaded into a virtual machine, determining whether the process currently running in the virtual machine belongs to the analyzed program; if it does, determining whether the current code is inside a loop and, if so, recording the current status information; otherwise, determining whether the program is currently under attack; if it is under attack, searching the recorded status information for the state s that precedes the most recent modification of the variable on which the program pointer depends; restoring the status information saved in s and running the program again from state s; and locating the specific instruction that modifies the variable on which the program pointer depends, and returning the position of that instruction. The system comprises a virtual environment module, a state selection module, a system monitoring module, a vulnerability analysis module and a status recording module. The invention has good operability and high detection efficiency, and solves the problem that commercial software lacks source code and therefore cannot be analyzed.
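The record, roll back and replay steps described above can be sketched on a toy interpreter; this is an added example, not code from the invention, and it leaves out the process-identification step. The instruction set, the memory layout, the names `step` and `analyze`, and the attack test (the return target differs from the legitimate one) are all assumptions made for illustration. Inputs are assumed to hold 1 to 8 cells, with any overwritten return value lying outside the program.

```python
import copy

# Constructed toy machine: mem[0..3] is a buffer, mem[4] the return address.
RET_SLOT, GOOD_RET = 4, 99
PROGRAM = {                # pc -> (opcode, operand)
    0: ("SET_I", 0),       # i = 0
    1: ("STORE", None),    # mem[i] = inp[i], with no bounds check
    2: ("INC_I", None),    # i += 1
    3: ("JLT", 1),         # if i < len(inp): goto 1 (loop back-edge)
    4: ("RET", None),      # pc = mem[RET_SLOT]
}

def step(st, inp, watch=None):
    """Run one instruction; return its pc if it wrote the watched cell."""
    pc = st["pc"]
    op, arg = PROGRAM[pc]
    hit = None
    st["pc"] = pc + 1
    if op == "SET_I":
        st["i"] = arg
    elif op == "STORE":
        hit = pc if st["i"] == watch else None
        st["mem"][st["i"]] = inp[st["i"]]
    elif op == "INC_I":
        st["i"] += 1
    elif op == "JLT" and st["i"] < len(inp):
        st["pc"] = arg
    elif op == "RET":
        st["pc"] = st["mem"][RET_SLOT]
    return hit

def analyze(inp):
    """Return the pc of the instruction that corrupted RET_SLOT, else None."""
    st = {"pc": 0, "i": 0, "mem": [0, 0, 0, 0, GOOD_RET, 0, 0, 0]}
    snapshots = [copy.deepcopy(st)]            # state at load time
    while st["pc"] in PROGRAM:
        if PROGRAM[st["pc"]][0] == "JLT":      # inside the loop: record state
            snapshots.append(copy.deepcopy(st))
        step(st, inp)
    if st["pc"] == GOOD_RET:
        return None                            # normal return, no attack
    # Attack: pick the latest state s in which the return slot is still intact.
    s = next(x for x in reversed(snapshots) if x["mem"][RET_SLOT] == GOOD_RET)
    st = copy.deepcopy(s)                      # restore s and run again
    while st["pc"] in PROGRAM:
        hit = step(st, inp, watch=RET_SLOT)
        if hit is not None:
            return hit                         # position of the offending write
    return None
```

Because the replay starts from the last intact snapshot rather than from program start, only the final loop iteration has to be re-executed under the write watch.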