84 matches found
IIS modules: The evolution of web shells and how to detect them
Web exploitation and web shells are some of the most common entry points in the current threat landscape. Web servers provide an external avenue directly into your corporate network, which often results in web servers being an initial intrusion vector or mechanism of persistence. Monitoring for...
webray.com.cn
It is an offensive tool for web exploitation. This repository ap...
TerraMaster FS-210安全漏洞
The Terramaster TerraMaster FS-210 is a NAS Network Attached Storage device from Tumi Electronic Technology Terramaster in Shenzhen, China. A security vulnerability exists in Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517, which can be exploited by sending a special command to...
WBCE CMS 1.5.2 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: WBCE CMS 1.5.2 - Remote Code Execution RCE Authenticated Date: 02/01/2022 Exploit Author: Antonio Cuomo arkantolo Vendor Homepage: https://wbce.org/ Software Link: https://wbce.org/de/downloads/ Version: 1.5.2 Tested on: Linux - PHP Version: 8.0.14 Github repo:...
vulhub
This is an offensive tool repository for vulnerability research and testing, specifically targeting various web applications and services. The repository contains a collection of exploits, proof-of-concept PoC code, and tools for identifying and exploiting vulnerabilities in software and systems...
Cross-Site Request Forgery (CSRF) in myvesta/vesta
✍️ Description Attacker is able to delete any file on the server if logged in user visits attacker website. 🕵️♂️ Proof of Concept Create a test.txt file under /home/user when you logged in open this POC.html in a browser you can check test.txt deletes. //PoC.html history.pushState'', '', '/'...
Suspicious Exploitation Tools HTTP Payload
Suspicious traffic has been found in web exploitation tools. Successful exploitation can lead to execution of arbitrary code or denial of service conditions...
Suspicious Exploitation Tools Payload
Suspicious traffic has been found in web exploitation tools. Successful exploitation can lead to execution of arbitrary code or denial of service conditions...
vulhub1
It is an offensive tool for web application exploitation. The primary vulnerability targeted by this repository is not explicitly stated, but it appears to be a collection of pre-built vulnerable environments based on Docker-Compose. The repository contains various Docker-Compose files for...
My-CTF-Web-Challenges
It is an offensive tool for web exploitation. The repository contains a collection of web challenges created by the user 'orange'. The challenges are designed to test various web exploitation techniques, including SQL injection, cross-site scripting XSS, and authentication bypass. The challenges...
hitconDockerfile
This repository is an offensive tool for web application exploitation. It contains a collection of web challenges created by the user "Pr0phet" for the HITCON CTF Capture The Flag series. The challenges are designed to test various web application vulnerabilities, including SQL injection, SSRF...
picoCTF-2019-writeups
The repository is a collection of write-ups for the picoCTF 2019 challenge. The write-ups cover various challenges, including general skills, web exploitation, and reverse engineering. The challenges involve solving problems such as decoding messages, exploiting vulnerabilities, and reversing...
Microsoft Browser Memory Corruption Vulnerability
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the...
Starbucks: Able to bypass information requirements before launching a Chat.
Summary: Bypass of mandatory fields before a Chat session can begin. Description: URL allows for bypass straight into chat, and Chat personnel won't know my name, just that they are chatting with someone. Platforms Affected: website/mobile app - please include browsers and app versions used for...
Davolink DVW 3200 Router Password Disclosure
Exploit Title: Davolink DVW 3200 Router - Password Disclosure Google Dork: N/A Zoomeye dork : https://www.zoomeye.org/searchResult?q=%22var%20userpasswd%22%20%2Bapp%3A%22DAVOLINK%20GAPD-7000%20WAP%20httpd%22 Date: 2018-07-13 Exploit Author: Ankit Anubhav Vendor Homepage: www.davolink.co.kr Softwa...
Selenium Server 未授权访问漏洞
1.开篇 不知道大家在平日工作中有没有遇到过一些端口,使用浏览器打开是下面这样子的: 上图中我找了几个在不同端口下的例子。 2.Selenium-开源的自动化测试利器 本篇主要的主角-Selenium究竟是什么呢?有过QA经验或安全自动化测试经验的朋友应该知道,以下文字来自百度百科:Selenium1 是一个用于Web应用程序测试的工具。Selenium测试直接运行在浏览器中,就像真正的用户在操作一样。支持的浏览器包括IE(7, 8, 9, 10, 11),Mozilla Firefox,Safari,Google Chrome,Opera等。支持自动录制动作和自动生成...
Microsoft Windows PDF API Jpeg2000 csiz Remote Code Execution Vulnerability(CVE-2016-3319)
Description An exploitable out of bounds write vulnerability exists in the PDF parsing API in the latest versions of Microsoft Windows. A specially crafted PDF file can cause an out of bounds write resulting in arbitrary code execution. Vulnerability can be triggered via malicious web page or a...
Inout CareerLamp 1.0 Script - Improper Access Restrictions Vulnerability
Exploit for php platform in category web applications Vulnerability: Security Bypass Date: 13.01.2017 Vendor Homepage: http://www.inoutscripts.com/ Script Name: Inout CareerLamp Script Script Version: v1.0 Script Buy Now: http://www.inoutscripts.com/demo/inout-careerlamp/demo/ Author: İhsan Şenca...
Malicious iFrame Conditional Cookie Injection
Several web exploitation tools inject payloads that are displayed only when specific conditions are met. This may allow an attacker to reduce the odds of detection and to evade inspection...
MyBB Member.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14684/info MyBB is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. Successful exploitation could result in a compromise of the...