Category: Web Exploitation

CORS Exploitation Framework

CORS Exploitation Framework (CEF)

CORS Exploitation Framework (CEF) A proof-of-concept tool for conducting distributed exploitation of permissive CORS configurations. Install Install Redis and Python 3. Clone this repository: git clone https://github.com/lanmaster53/cef.git Install the dependencies. pip install -r requirements Set...

Dupe Key Injector

Dupe Key Injector: new XML signature bypass technique

Dupe Key Injector Dupe Key Injector is a Burp Suite extension implementing Dupe Key Confusion, a new XML signature bypass technique presented at BSides/BlackHat/DEFCON 2019 “SSO Wars: The Token Menace” presentation. Dupe Key Confusion...

SQL injection: Understanding mysql command

SQL injection¬†attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify...

Kubolt: scanning public kubernetes clusters

Kubolt is a simple utility for scanning public unauthenticated kubernetes clusters and runs commands inside containers. Why? Sometimes, the kubelet port 10250 is open to unauthorized access and makes it possible to run commands...