Web Exploitation / WebApp PenTest
by do son · Published July 10, 2017 · Last modified November 4, 2024
XSS, cross-site scripting is a vulnerability that allows an attacker to insert malicious code (JavaScript) into a website script. Once a script has been found to be vulnerable the attacker can e-mail...
Web Exploitation / WebApp PenTest
by do son · Published July 8, 2017 · Last modified November 4, 2024
CVE-2017-9791 July 7, 2017, Apache Struts released the latest security bulletin, Apache Structs2 strus1 plug-in there is a high-risk vulnerability in the implementation of the remote code, vulnerability number CVE-2017-9791 ( S2-048 ). Attackers can...
Web Exploitation / Web Vulnerability Analysis / WebApp PenTest
by do son · Published July 5, 2017 · Last modified November 4, 2024
sqlite-lab This code is vulnerable to SQL Injection and having SQLite database. During practicing one challenge i faced SQLI vulnerable script with SQLite database integrated with it For SQLite database,...
Web Exploitation / Web Maintaining Access / Web Vulnerability Analysis / WebApp PenTest
by do son · Published July 4, 2017 · Last modified November 4, 2024
LFI Suite is a totally automatic tool able to scan and exploit Local File Inclusion vulnerabilities using many different methods of attack, listed in the section Features. Features Works with Windows, Linux...
Web Exploitation / WebApp PenTest
by do son · Published July 4, 2017 · Last modified November 4, 2024
Add headers to all Burp requests to bypass some WAF products. This extension will automatically add the following headers to all requests. Features Users can modify the X-Originating-IP, X-Forwarded-For, X-Remote-IP,...
Web Exploitation / WebApp PenTest
by do son · Published June 29, 2017 · Last modified September 10, 2022
User Agent: sometimes abbreviated as UA, the user agent is a browser text string that is given to each website you visit; containing information such as the browser version, compatibility,...
Web Exploitation / Web Vulnerability Analysis / WebApp PenTest
by do son · Published June 28, 2017 · Last modified November 4, 2024
Nosql Exploitation Framework is a FrameWork For NoSQL Scanning and Exploitation Framework. Feature: First Ever Tool With Added Support For Mongo,Couch,Redis,H-Base,Cassandra Support For NoSQL WebAPPS Added payload list for JS Injection,Web...
Web Exploitation / Web Vulnerability Analysis / WebApp PenTest
by do son · Published June 28, 2017 · Last modified November 4, 2024
JexBoss is a tool for testing and exploiting vulnerabilities in JBoss Application Server and others Java Platforms, Frameworks, Applications, etc. Features The tool and exploits were developed and tested for:...
Web Exploitation / Web Vulnerability Analysis / WebApp PenTest
by do son · Published June 24, 2017 · Last modified November 4, 2024
WebGoat WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. This program is a demonstration of common server-side application flaws. The exercises are intended...
Web Exploitation / Web Vulnerability Analysis / WebApp PenTest
by do son · Published June 24, 2017 · Last modified November 4, 2024
LFI Scan & Exploit Tool Kadimus is a tool to check sites to lfi vulnerability , and also exploit it Features: Check all url parameters /var/log/auth.log RCE /proc/self/environ RCE php://input...
Information Gathering / Network PenTest / Web Exploitation / Web Information Gathering
by do son · Published June 15, 2017 · Last modified November 4, 2024
shodan ip download.py A Python script to lookup available information in Shodan for a list of IPs and save the data to a local file that can be processed using...
Cross-site scripting (XSS) is a type of computer security vulnerability that is normally present in web applications. XSS allows attackers to implement client scripts on web pages viewed by other...
Web Exploitation / WebApp PenTest
by do son · Published June 14, 2017 · Last modified November 4, 2024
A file upload point is an excellent opportunity to execute XSS applications. Many sites have user rights to upload personal data pictures of the upload point, you have a lot...
This article will talk about a new server-side vulnerability that I discovered in the PDF export process. Many servers are still vulnerable, varying from social networks to financial and governmental...
WAFNinja WAFNinja is a CLI tool written in Python. It shall help penetration testers to bypass a WAF by automating steps necessary for bypassing input validation. The tool was created...
Support Securityonline.info site. Thanks!
Urgent Security Update: Guix System Patches Critical Vulnerability
October 22, 2024
