299 matches found
CVE-2020-15660
Missing checks on Content-Type headers in geckodriver before 0.27.0 could lead to a CSRF vulnerability, that might, when paired with a specifically prepared request, lead to remote code execution...
CVE-2020-15660
Missing checks on Content-Type headers in geckodriver before 0.27.0 could lead to a CSRF vulnerability, that might, when paired with a specifically prepared request, lead to remote code execution...
CVE-2020-15660
Missing checks on Content-Type headers in geckodriver before 0.27.0 could lead to a CSRF vulnerability, that might, when paired with a specifically prepared request, lead to remote code execution...
Design/Logic Flaw
Missing checks on Content-Type headers in geckodriver before 0.27.0 could lead to a CSRF vulnerability, that might, when paired with a specifically prepared request, lead to remote code execution...
CVE-2020-15660
Geckodriver up to version 0.27.0 is affected by a vulnerability from missing checks on Content-Type headers, enabling CSRF that could lead to remote code execution when paired with a crafted request. Affected component: geckodriver (WebDriver HTTP API). Root cause: improper validation of Content-...
CVE-2020-15660
Missing checks on Content-Type headers in geckodriver before 0.27.0 could lead to a CSRF vulnerability, that might, when paired with a specifically prepared request, lead to remote code execution...
geckodriver 跨站请求伪造漏洞
geckodriver is an application program. It provides an HTTP API described by the WebDriver protocol to communicate with the Gecko browser. A security vulnerability exists in geckodriver prior to 0.27.0, which stems from the fact that a lack of checking the Content-Type header in geckodriver may le...
PHPFusion 9.03.50 - Remote Code Execution Exploit
Exploit Title: Selenium 3.141.59 - Remote Code Execution Firefox/geckodriver Exploit Author: Jon Stratton Vendor Homepage: https://www.selenium.dev/ Software Link: https://selenium-release.storage.googleapis.com/3.141/selenium-server-standalone-3.141.59.jar Version: 3.141.59 Tested on: Selenium...
Selenium 3.141.59 - Remote Code Execution (Firefox/geckodriver) Exploit
Exploit Title: Selenium 3.141.59 - Remote Code Execution Firefox/geckodriver Exploit Author: Jon Stratton Vendor Homepage: https://www.selenium.dev/ Software Link: https://selenium-release.storage.googleapis.com/3.141/selenium-server-standalone-3.141.59.jar Version: 3.141.59 Tested on: Selenium...
Selenium 3.141.59 - Remote Code Execution (Firefox/geckodriver)
Exploit Title: Selenium 3.141.59 - Remote Code Execution Firefox/geckodriver Date: 2021-05-27 Exploit Author: Jon Stratton Vendor Homepage: https://www.selenium.dev/ Software Link: https://selenium-release.storage.googleapis.com/3.141/selenium-server-standalone-3.141.59.jar Version: 3.141.59 Test...
QRLJacker v2.0 - QRLJacking Exploitation Framework
QRLJacker is a highly customizable exploitation framework to demonstrate "QRLJacking Attack Vector" to show how it is easy to hijack services that depend on the QR Code as an authentication and login method, Mainly it aims to raise security awareness regarding all the services using the QR Code a...
Splunk Enterprise 7.2.4 - Custom App Remote Command Execution (Persistent Backdoor Custom Binary)
Splunk Enterprise 7.2.4 - Custom App Remote Command Execution Persistent Backdoor Custom Binary !/usr/bin/python Exploit Title: Splunk Enterprise 7.2.4 Custom App RCE persistent backdoor - custom binary payload Date: March 1, 2019 Exploit Author: Matteo Malvica Original Author: Lee Mazzoleni Vend...
Splunk Enterprise 7.2.3 - Authenticated Custom App Remote Code Execution Exploit
Exploit for windows platform in category web applications !/usr/bin/python Exploit Title: Splunk Enterprise 7.2.3 Custom App RCE persistent backdoor Exploit Author: Lee Mazzoleni Vendor Homepage: https://www.splunk.com/ Software Link: https://www.splunk.com/enus/download/splunk-enterprise.html...
Social Media Enumeration & Correlation Tool: Social Mapper
Social Mapper is a Open Source Intelligence Tool that uses facial recognition to correlate social media profiles across different sites on a large scale. It takes an automated approach to searching popular social media sites for targets names and pictures to accurately detect and group a person’s...
EagleEye - Stalk Your Friends. Find Their Instagram, FB And Twitter Profiles Using Image Recognition And Reverse Image Search
Stalk Your Friends. Find Their Instagram, FB And Twitter Profiles Using Image Recognition And Reverse Image Search. This only works if theirFacebook Profile is public What does this do? In simple words you have at least one Image of the Person you are looking for and a clue about its name. You fe...
Zeus-Scanner - Advanced Reconnaissance Utility
Zeus is an advanced reconnaissance utility designed to make web application reconnaissance simple. Zeus comes complete with a powerful built-in URL parsing engine, multiple search engine compatibility, the ability to extract URLs from both ban and webcache URLs, the ability to run multiple...
DorkNet - Selenium Powered Python Script To Automate Searching For Vulnerable Web Apps
Selenium powered Python script to automate searching the web for vulnerable applications. DorkNet can take a single dork or a list of dorks as arguments. After the proper command line arguments have been passed, the script will use Selenium and Geckodriver to find the results we want and save the...
Mimir - OSINT Threat Intel Interface
OSINT Threat Intel Interface - Named after the old Norse God of knowledge. Mimir functions as a CLI to HoneyDB which in short is an OSINT aggragative threat intel pool. Starting the program brings you to a menu the options for which are as follows. 1. Fetch Threat Feed 5. Visualize Top Malicious...
PhishLulz - Ruby toolset aimed at automating Phishing activities
PhishLulz is a Ruby toolset aimed at automating Phishing activities. When you start a phishing campaign, a dedicated Amazon EC2 Debian 7 instance is spawned. The VM comes with various open source tools that have been glued together. The two main components are: PhishingFrenzy...