jSQL Injection jSQL Injection is a lightweight application used to find database information from a distant server. It is free, open-source, and cross-platform (Windows, Linux, Mac OS X). It is also part of the...
Recently, Progress Software’s MOVEit Transfer application has been spotlighted due to newly uncovered SQL injection vulnerabilities, threatening the integrity of this popular file transfer solution. This security issue, known as CVE-2023-35036, affects several versions...
hasherbasher This is a tool used to help exploit poorly designed authentication systems by locating ASCII strings that when MD5 hashed, result in raw bytes that could change SQL logic. You can also check...
Web Exploitation / WebApp PenTest
by do son · Published June 29, 2017 · Last modified September 10, 2022
User Agent: sometimes abbreviated as UA, the user agent is a browser text string that is given to each website you visit; containing information such as the browser version, compatibility, operating system, and any...
Web Information Gathering / Web Vulnerability Analysis / WebApp PenTest
by do son · Published June 12, 2017 · Last modified October 10, 2021
RED HAWK All in one tool for Information Gathering and Vulnerability Scanning Scans That You Can Perform Using RED HAWK : Basic Scan Site Title NEW IP Address Web Server Detection IMPROVED CMS Detection Cloudflare Detection robots.txt Scanner Whois...
What is Naxsi? NAXSI means Nginx Anti XSS & SQL Injection. Technically, it is a third party nginx module, available as a package for many UNIX-like platforms. This module, by default, reads a small subset of simple (and readable) rules containing...
Web Exploitation / WebApp PenTest
by do son · Published September 1, 2017 · Last modified October 10, 2021
SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify...
SQLmap POST request injection Sometimes SQL injection attacks are only successful with HTTP post methods. In this post, I am going to demonstrate the easiest way is to deploy a simple sqlmap command. Step...
Web Exploitation / WebApp PenTest
by do son · Published June 19, 2019 · Last modified January 26, 2021
A web application firewall (or WAF) filters, monitors, and blocks HTTP traffic to and from a web application. A WAF is differentiated from a regular firewall in that a WAF is able to filter the content of specific web applications while regular...
SQLi-Hunter SQLi-Hunter is a simple HTTP proxy server and a sqlmap api wrapper that makes dig SQLi easily. Installation Requirement Ruby: > 2.0.0 sqlmap Install via source code git clone https://github.com/sqlmapproject/sqlmap.git git clone https://github.com/zt2/sqli-hunter.git...
