Electron_shell An increasing number of desktop applications are opting for the Electron framework. Electron provides a method that can be debugged, usually by utilizing Chrome’s inspect function or calling inspect through Node.js. In this...
Web Exploitation / Web Vulnerability Analysis
by do son · Published June 26, 2019 · Last modified August 14, 2023
Commix (short for [comm]and [i]njection e[x]ploiter) is an automated tool written by Anastasios Stasinopoulos (@ancst) that can be used from web developers, penetration testers or even security researchers in order to test web-based applications...
NodeJS Debugger Command Injection /exploits/multi/misc/nodejs_v8_debugger.rb Metasploit module This module uses the “evaluate” request type of the NodeJS V8 debugger protocol (version 1) to evaluate arbitrary JS and call out to other system commands. The...
SHELLING – a comprehensive OS command injection payload generator – now also available as a Burp Plugin What is SHELLING? This tool is a customizable payload generator, suitable for detecting OS command injection flaws...
Web Exploitation / Web Vulnerability Analysis / WebApp PenTest
by do son · Published November 4, 2016 · Last modified July 27, 2017
Command Injection is submitted by malicious parameters of the structure of the destruction of command structure, so as to achieve the purpose of the implementation of malicious commands. PHP command injection vulnerability is a...
