
226 matches found

Wallarm Lab
added 2018/11/11 9:13 p.m., 169 views

Extending fuzzing with Burp by FAST

I love Burp Suite, like really. It’s the most convenient tool to visualize what’s happening with apps, what requests look like and to test simple things like XSS injection. At the same time, it’s really hard for me to do something more complicated, like implementing custom fuzzing with having to...

AI score: 7.1
Exploits: 0

Ivan 'd0znpp' Novikov
added 2018/11/11 9:13 p.m., 111 views

Extending fuzzing with Burp by FAST

I love Burp Suite, like really. It’s the most convenient tool to visualize what’s happening with apps, what requests look like and to test simple things like XSS injection. At the same time, it’s really hard for me to do something more complicated, like implementing custom fuzzing with having to...

AI score: 7.1
Exploits: 0

Source Incite
added 2018/10/02 12:0 a.m., 33 views

SRC-2019-0014 : Oracle Application Testing Suite UploadServlet External Entity Injection Information Disclosure Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Oracle Application Testing Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UploadServlet servlet. Due to the...

CVSS: 6.5, AI score: 6.5, EPSS: 0.01286
Exploits: 1

Kitploit
added 2018/09/09 9:12 p.m., 152 views

Scrounger - Mobile Application Testing Toolkit

Scrounger - a person who borrows from or lives off others. There is no better description for this tool for two main reasons, the first is because this tool takes inspiration from many other tools that have already been published, the second reason is because it lives off mobile application's...

AI score: 7
Exploits: 0, References: 8

Tenable Nessus
added 2018/07/20 12:0 a.m., 59 views

Oracle Application Testing Suite Multiple Vulnerabilities (April / July 2018 CPU)

The version of Oracle Application Testing Suite installed on the remote host is affected by multiple vulnerabilities : - A remote code execution vulnerability exists in Apache Log4j 2.x before 2.8.2 due to the ability to receive serialized log events from another application. An unauthenticated,...

CVSS: 9.8, AI score: 8.8, EPSS: 0.93917
Exploits: 2, References: 4

The Coalfire Blog
added 2018/06/08 7:26 p.m., 21 views

Pro Tips: Testing Applications Using Burp, and More

Burp Suite is one of my favorite tools for web application testing. The feature set is rich, and anything that it does not do by default can usually be added with an extension. There are a few things, however, that while they exist in Burp Suite, are not completely intuitive. Below are a few pro...

AI score: 1.2
Exploits: 0

Symantec
added 2017/09/25 12:0 a.m., 38 views

OWASP AntiSamy CVE-2017-14735 Cross Site Scripting Vulnerability

Description OWASP AntiSamy is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the...

CVSS: 4.3, AI score: 7, EPSS: 0.00684
Exploits: 0, References: 2, Affected Software: 12

Symantec
added 2017/04/17 12:0 a.m., 86 views

Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability

Description Apache Log4j is prone to remote code-execution vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. Apache Log4j 2.0-alpha1 through 2.8.1 ar...

CVSS: 7.5, AI score: 0.6, EPSS: 0.93917
Exploits: 2, References: 5, Affected Software: 84

NVD
added 2017/01/27 10:59 p.m., 15 views

CVE-2017-3311

Vulnerability in the Application Testing Suite component of Oracle Enterprise Manager Grid Control subcomponent: Test Manager for Web Apps. Supported versions that are affected are 12.5.0.3, 12.5.0.2 and 12.4.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network acces...

CVSS: 5.3, AI score: 4.3, EPSS: 0.00635
Exploits: 0, References: 3

Prion
added 2017/01/27 10:59 p.m., 14 views

Design/Logic Flaw

Vulnerability in the Application Testing Suite component of Oracle Enterprise Manager Grid Control subcomponent: Test Manager for Web Apps. Supported versions that are affected are 12.5.0.3, 12.5.0.2 and 12.4.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network acces...

CVSS: 5, AI score: 4.3, EPSS: 0.00635
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2017/01/27 10:1 p.m., 20 views

CVE-2017-3311

Vulnerability in the Application Testing Suite component of Oracle Enterprise Manager Grid Control subcomponent: Test Manager for Web Apps. Supported versions that are affected are 12.5.0.3, 12.5.0.2 and 12.4.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network acces...

AI score: 4.3, EPSS: 0.00635
Exploits: 0, References: 3

Vulnrichment
added 2017/01/27 10:1 p.m., 7 views

CVE-2017-3311

Vulnerability in the Application Testing Suite component of Oracle Enterprise Manager Grid Control subcomponent: Test Manager for Web Apps. Supported versions that are affected are 12.5.0.3, 12.5.0.2 and 12.4.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network acces...

AI score: 5.8, EPSS: 0.00635
Exploits: 0, References: 3

CVE
added 2017/01/27 10:1 p.m., 51 views

CVE-2017-3311

The CVE-2017-3311 entry affects Oracle Enterprise Manager Grid Control, specifically the Application Testing Suite component (Test Manager for Web Apps). Affected versions are 12.5.0.3, 12.5.0.2, and 12.4.0.2. The vulnerability allows an unauthenticated attacker with network access via HTTP to co...

CVSS: 5.3, AI score: 5, EPSS: 0.00635
Exploits: 0, References: 3, Affected Software: 1

OpenVAS
added 2016/11/25 12:0 a.m., 67 views

Oracle Application Testing Suite 12.4.0.2, 12.5.0.2 Multiple Vulnerabilities (cpujan2016) - Active Check

Oracle Application Testing Suite is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS: 6.5, AI score: 8.3, EPSS: 0.91458
Exploits: 7, References: 17

OpenVAS
added 2016/11/25 12:0 a.m., 21 views

Oracle Application Testing Suite Detection

Detects the installed version of Oracle Application Testing Suite. This script sends an HTTP GET request and tries to get the version from the response. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the...

AI score: 6.9
Exploits: 0

Symantec
added 2016/10/17 12:0 a.m., 43 views

Novell NetIQ Sentinel CVE-2016-1000031 Remote Code Execution Vulnerability

Description Novell NetIQ Sentinel is prone to a security vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Novell NetIQ Sentinel version 7.4x are vulnerable. Technologies Affected Apache Commons FileUpload 1.0...

CVSS: 7.5, AI score: 0.8, EPSS: 0.56432
Exploits: 0, References: 2, Affected Software: 50

Symantec
added 2016/09/29 12:0 a.m., 186 views

Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability

Description Apache MyFaces Trinidad is prone to a security vulnerability. Successfully exploiting this issue allows attackers to obtain sensitive information or execute arbitrary code in the context of the affected application. Apache MyFaces Trinidad 1.2.14-core , 1.0.13-core , 2.0.1-core and...

CVSS: 7.5, AI score: 1, EPSS: 0.06021
Exploits: 1, References: 4, Affected Software: 7

Check Point Advisories
added 2016/06/19 12:0 a.m., 4 views

Oracle Application Testing Suite Authentication Bypass (CVE-2016-0492)

An authentication bypass vulnerability exists in Oracle's Application Testing Suite. The vulnerability is due to insufficient input validation while processing HTTP requests. A remote attacker can exploit this vulnerability by sending crafted request to the vulnerable server...

CVSS: 6.4, AI score: 1.7, EPSS: 0.91458
Exploits: 5

Check Point Advisories
added 2016/06/14 12:0 a.m., 3 views

Oracle Application Testing Suite ActionServlet Authentication Bypass (CVE-2016-0487)

An authentication bypass vulnerability has been reported in the Oracle Application Testing Suite. The vulnerability is due to insufficient input validation by the ActionServlet servlet when processing HTTP requests. A remote, unauthenticated attacker could exploit this vulnerability by sending a...

CVSS: 6.4, AI score: 1.6, EPSS: 0.2134
Exploits: 0

0day.today
added 2016/05/25 12:0 a.m., 70 views

Oracle Application Testing Suite (ATS) - Arbitrary File Upload (Metasploit)

Exploit for java platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle ATS Arbitrary File Upload', 'Description' = %q This module exploits an authentication...

CVSS: 6.4, AI score: 7.5, EPSS: 0.91458
Exploits: 7