Lucene search
+L

96 matches found

Metasploit
Metasploit
added 2020/05/08 4:21 p.m.109 views

Cloud Lookup (and Bypass)

This module can be useful if you need to test the security of your server and your website behind a solution Cloud based. By discovering the origin IP address of the targeted host. More precisely, this module uses multiple data sources in order ViewDNS.info, DNS enumeration and Censys to collect...

7.2AI score
Exploits0
Kitploit
Kitploit
added 2020/02/06 8:30 p.m.223 views

Takeover v0.2 - Sub-Domain TakeOver Vulnerability Scanner

Sub-domain takeover vulnerability occur when a sub-domain subdomain.example.com is pointing to a service e.g: GitHub , AWS/S3 ,.. that has been removed or deleted. This allows an attacker to set up a page on the service that was being used and point their page to that sub-domain. For example, if...

7.1AI score
Exploits0References2
Hacker One
Hacker One
added 2020/02/06 7:47 a.m.20 views

Uber: Disclosure of Co-Rider user (Uber-pooling) profile picture at Amazon AWS Cloudfront within HTTP RESPONSE

After booking a shared ride, an attacker is able to access the profile picture of a co-rider. It is possible during the trip to view the co-rider's picture...

0.3AI score
Exploits0
Kitploit
Kitploit
added 2020/01/08 11:30 a.m.284 views

WAFW00F v2.0 - Allows One To Identify And Fingerprint Web Application Firewall (WAF) Products Protecting A Website

The Web Application FirewallFingerprinting Tool. — FromEnable Security How does it work? To do its magic, WAFW00F does the following: Sends a normal HTTP request and analyses the response; this identifies a number of WAF solutions. If that is not successful, it sends a number of potentially...

7.1AI score
Exploits0References7
Hacker One
Hacker One
added 2019/11/04 7:36 a.m.26 views

GSA Bounty: Cache poisoning DoS to various TTS assets

I have recently come across a technique to force a Cloudfoundry app to return a HTTP 404 error when requesting any resource, which contains cache friendly headers. What this means is, if the Cloudfoundry app in question is behind a web cache like Cloudfront or Cloudflare etc, it will possibly sto...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2019/10/23 8:22 a.m.4 views

New Cache Poisoning Attack Lets Attackers Target CDN Protected Sites

A team of German cybersecurity researchers has discovered a new cache poisoning attack against web caching systems that could be used by an attacker to force a targeted website into delivering error pages to most of its visitors instead of legitimate content or resources. The issue could affect...

7.5CVSS7.5AI score0.03041EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2019/06/04 3:0 p.m.202 views

Magecart skimmers found on Amazon CloudFront CDN

Update 06-08-2019: The compromises of Amazon S3 buckets continue and some large sites are being affected. Our crawler spotted a malicious injection that loads a skimmer for the Washington Wizards page on the official NBA.com website. The skimmer was inserted in this JavaScript library:...

7.5AI score
Exploits0
Kitploit
Kitploit
added 2019/05/14 12:43 p.m.228 views

WAFW00F v1.0.0 - Detect All The Web Application Firewall!

WAFW00F identifies and fingerprints Web Application Firewall WAF products. How does it work? To do its magic, WAFW00F does the following: Sends a normal HTTP request and analyses the response; this identifies a number of WAF solutions. If that is not successful, it sends a number of potentially...

7.2AI score
Exploits0References3
Hacker One
Hacker One
added 2019/04/24 11:5 p.m.40 views

Ping Identity: Internal Hostname disclosure from multiple Apache servers via blank host header method

This vulnerability was due to a general misconfiguration of Apache servers; this is a good example of the importance of "Secure Defaults" in open-source projects. An example of a generic request and response would be: openssl sclient -connect apache.example.com:443 GET apache.example.com/foo...

7.1AI score
Exploits0
Openbugbounty
Openbugbounty
added 2018/10/26 8:17 a.m.21 views

d31bfnnwekbny6.cloudfront.net XSS vulnerability

Open Bug Bounty ID: OBB-690906 Description| Value ---|--- Affected Website:| d31bfnnwekbny6.cloudfront.net Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| hidden until disclosure Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3...

0.1AI score
Exploits0
n0where
n0where
added 2018/09/05 4:19 p.m.24 views

CLI for Ephemeral Penetration Testing: hideNsneak

This application assists in managing attack infrastructure for penetration testers by providing an interface to rapidly deploy, manage, and take down various cloud services. These include VMs, domain fronting, Cobalt Strike servers, API gateways, and firewalls. hideNsneak provides a simple...

1.2AI score
Exploits0References1
Kitploit
Kitploit
added 2018/08/17 9:7 p.m.22 views

Aws_Public_Ips - Fetch All Public IP Addresses Tied To Your AWS Account

awspublicips is a tool to fetch all public IP addresses both IPv4/IPv6 associated with an AWS account. It can be used as a library and as a CLI, and supports the following AWS services all with both Classic & VPC flavors: APIGateway CloudFront EC2 and as a result: ECS, EKS, Beanstalk, Fargate,...

7.2AI score
Exploits0References3
Hacker One
Hacker One
added 2018/05/16 1:40 p.m.23 views

Grab: Subdomain Takeover Via Insecure CloudFront Distribution cdn.grab.com

Good day, I truly hope it treats you awesomely on your side of the screen : I have found that your website cdn.grab.com is pointed via a cname to a cloudfront instance cdn.grab.com = .cloudfront.net This was not registered on Amazon Aws Cloudfront. I was able to take over the domain: See my POC P...

0.3AI score
Exploits0
Kitploit
Kitploit
added 2018/04/09 12:38 p.m.15 views

CloudFrunt - A Tool For Identifying Misconfigured CloudFront Domains

CloudFrunt is a tool for identifying misconfigured CloudFront domains. Background CloudFront is a Content Delivery Network CDN provided by Amazon Web Services AWS. CloudFront users create "distributions" that serve content from specific sources an S3 bucket, for example. Each CloudFront...

7.1AI score
Exploits0References1
n0where
n0where
added 2018/04/03 10:19 p.m.21 views

Identify Misconfigured CloudFront Domains: CloudFrunt

CloudFrunt is a tool for identifying misconfigured CloudFront domains. CloudFront is a Content Delivery Network CDN provided by Amazon Web Services AWS. CloudFront users create “distributions” that serve content from specific sources an S3 bucket, for example. Each CloudFront distribution has a...

0.1AI score
Exploits0References1
Hacker One
Hacker One
added 2018/03/16 1:26 p.m.56 views

Greenhouse.io: DoS through cache poisoning using invalid HTTP parameters

I was taking a look into a related report https://hackerone.com/reports/298265 and I discovered that the https://boards.greenhouse.io/embed/jobboard/js?for= endpoint doesn't throw errors when I try to pass in an array of for parameters like this:...

0.4AI score
Exploits0
Hacker One
Hacker One
added 2018/02/17 1:29 a.m.108 views

GSA Bounty: Subdomain Takeover due to unclaimed domain pointing to AWS

Note: I know this is on an out of scope domain, however felt it should still be raised as it was the only subdomain of data.gov to be vulnerable. Issue Details The consultant identified that subdomain https://18f.domains.api.data.gov/ is pointing to dn9rrjaiux2m0.cloudfront.net via a DNS CNAME...

Exploits0
Hacker One
Hacker One
added 2018/01/10 12:23 p.m.63 views

GSA Bounty: Defacement of catalog.data.gov via web cache poisoning to stored DOMXSS

An attacker can deface various pages on catalog.data.gov, leading to them executing malicious JavaScript when visited by a normal user. The root problem is that the server trusts the X-Forwarded-Host HTTP header, and uses this to populate the 'data-site-root' and 'data-locale-root' attributes on...

7AI score
Exploits0
Hacker One
Hacker One
added 2017/11/03 4:3 p.m.37 views

Trello: Subdomain Takeover Possible [N/A]

Hello , Team Trello Security Today == 04/11/2017 , 03:52 , I Discovred A Issue in Your Website , i found this error In : http://d2k1ftgv7pobq7.cloudfront.net/ ======================================================= ERROR The request could not be satisfied. Bad request. Generated by cloudfront...

6.7AI score
Exploits0
Kitploit
Kitploit
added 2017/10/30 1:21 p.m.371 views

subjack - Hostile Subdomain Takeover tool written in Go

subjack is a Hostile Subdomain Takeover tool written in Go designed to scan a list of subdomains concurrently and identify ones that are able to be hijacked. With Go's speed and efficiency, this tool really stands out when it comes to mass-testing. Always double check the results manually to rule...

9AI score
Exploits0References1
Rows per page
Query Builder