Web Exploitation / WebApp PenTest
by do son · Published December 17, 2017 · Last modified November 4, 2024
Recently, the security researcher from securiteam published the vulnerabilities details that affect to vBulletin 5x. Although, they tried to contact to vBulletin developer to fix but have no any answers. It...
cmsPoc – A CMS Exploit Framework Download git clone https://github.com/CHYbeta/cmsPoc.git TYPE SCRIPT DESCRIPTION phpcms v960_sqlinject_getpasswd phpcmsv9.6.0 wap模块 sql注入 获取passwd icms v701_sqlinject_getadmin icmsv7.0.1 admincp.php sql Into the background any login admin permissions discuz...
Mysql injection is through the SQL command into the Web form submit or enter the domain name query string or page request, and ultimately to deceive the server to execute...
Web Exploitation / WebApp PenTest
by do son · Published November 27, 2017 · Last modified November 4, 2024
shimit is a python tool that implements the Golden SAML attack. More information on this can be found in the following article on our blog. Generate an assertion matching the parameters provided by...
On this post, i want to introduce the tips to bypass XSS filter. Cross Site Scripting (XSS) is a Web application attack in the data output to the page when...
Web Exploitation / WebApp PenTest
by do son · Published October 22, 2017 · Last modified May 1, 2024
CSRFT – Cross Site Request Forgeries (Exploitation) Toolkit Introduction Description This project has been developed to exploit CSRF Web vulnerabilities and provide you a quick and easy exploitation toolkit. In...
Web Exploitation / WebApp PenTest
by do son · Published October 9, 2017 · Last modified November 4, 2024
burplay Burplay is a Burp Extension allowing for replaying any number of requests using same modifications definition. Its main purpose is to aid in searching for Privilege Escalation issues. Download...
What is BBQSQL?## Blind SQL injection can be a pain to exploit. When the available tools work they work well, but when they don’t you have to write something custom....
Web Exploitation / Web Vulnerability Analysis / WebApp PenTest
by do son · Published October 6, 2017 · Last modified November 4, 2024
NoSQLMap NoSQLMap is an open source Python tool designed to audit for as well as automate injection attacks and exploit default configuration weaknesses in NoSQL databases and web applications using...
Forensics / Network PenTest / Web Exploitation / WebApp PenTest
by do son · Published October 3, 2017 · Last modified October 10, 2021
On September 30th, 2017 @toolswatch announced the tools selected for Black Hat Arsenal Europe 2017. Most of the selected tools are already present on GitHub and some are yet to be uploaded. This article contains...
SQL Nightmare An SQL SERVER Exploitation tool Functions Server Directory navigation. Server Database Dump. Read Server Files. Shell spawning. Download Use SQL-nightmare.exe Input URL Format http://localhost:1234/index.aspx?param=1 AND 0 union select...
LFI Image Helper This is a simple script to infect images with PHP Backdoors for local file inclusion attacks. The script has the following options: List all Image Tags...
Network PenTest / Password Attacks / Sniffing & Spoofing / Web Exploitation / Web Information Gathering / Web Vulnerability Analysis / WebApp PenTest / Wireless
by do son · Published September 27, 2017 · Last modified May 18, 2018
PenBox – A Penetration Testing Framework A Penetration Testing Framework, The Hacker’s Repo our hope is in the last version we will have the very script that a hacker needs...
Web Exploitation / WebApp PenTest
by do son · Published September 26, 2017 · Last modified November 4, 2024
BaRMIe BaRMIe is a tool for enumerating and attacking Java RMI (Remote Method Invocation) services. RMI services often expose dangerous functionality without adequate security controls, however, RMI services tend to...
Web Exploitation / WebApp PenTest
by do son · Published September 25, 2017 · Last modified April 22, 2018
Panoptic Occasionally during a penetration test, I encounter a path traversal vulnerability which cannot be converted to an RFI and exploited easily. This can be quite a frustrating vulnerability to...
Support Securityonline.info site. Thanks!
Mozi Botnet Re-Emerges as Androxgh0st in New Wave of IoT Exploits
November 11, 2024
