Lucene search
K

1138 matches found

Hacker One
Hacker One
added 2018/01/04 4:7 a.m.38 views

Cloudflare: // (double slash) inside es6 template literals interpreted as an inline comment by the auto-minifier

The following is valid javascript: var a = //; So is this: var url = https://hackerone.com; However, Cloudflare's auto-minifier removes the parts of both lines including and after the //, meaning in production, they look like this: var a = var url = https: This can either straight up break or...

6.8AI score
Exploits0
n0where
n0where
added 2018/01/01 8:31 p.m.74 views

Fsociety Hacking Tools Pack

Fsociety Menu Information Gathering Password Attacks Wireless Testing Exploitation Tools Sniffing & Spoofing Web Hacking Private Web Hacking Post Exploitation INSTALL & UPDATE Information Gathering : Nmap Setoolkit Port Scanning Host To IP wordpress user CMS scanner XSStracer Dork – Google Dorks...

0.1AI score
Exploits0References1
Kitploit
Kitploit
added 2017/12/08 1:37 p.m.186 views

V3n0M-Scanner - Popular Pentesting scanner for SQLi/XSS/LFI/RFI and other Vulns

V3n0M is a free and open source scanner. Evolved from baltazar's scanner, it has adapted several new features that improve fuctionality and usability. It is mostly experimental software. This program is for finding and executing various vulnerabilities. It scavenges the web using dorks and...

7.7AI score
Exploits0References1
Hacker One
Hacker One
added 2017/11/23 3:1 p.m.25 views

Unikrn: session_id is not being validated at email invitation endpoint

sessionid is not being validated at email invitation endpoint request sample: POST /apiv1/inviteemail HTTP/1.1 Host: unikrn.com User-Agent: Mozilla/5.0 Windows NT 6.1; Win64; x64; rv:57.0 Gecko/20100101 Firefox/57.0 Accept: application/json, text/plain, / Accept-Language: en-US,en;q=0.5...

0.2AI score
Exploits0
n0where
n0where
added 2017/11/07 5:30 a.m.22 views

Popular Pentesting Scanner: v3n0m

v3n0m is a free and open source scanner. Evolved from baltazar’s scanner, it has adapted several new features that improve functionality and usability. It is mostly experimental software. This program is for finding and executing various vulnerabilities. It scavenges the web using dorks and...

7.6AI score
Exploits0References1
Kitploit
Kitploit
added 2017/11/04 9:35 p.m.97 views

Striker - Offensive Information And Vulnerability Scanner

Striker is an offensive information and vulnerability scanner. Features Just supply a domain name to Striker and it will automatically do the following for you: Check and Bypass Cloudflare Retrieve Server and Powered by Headers Fingerprint the operating system of Web Server Detect CMS 197+ CMSs a...

8.8AI score
Exploits0References1
The Hacker News
The Hacker News
added 2017/10/26 6:5 a.m.20 views

jQuery Official Blog Hacked — Stay Calm, Library is Safe!

The official blog of jQuery—most popular JavaScript library used by millions of websites—has been hacked by some unknown hackers, using the pseudonym "str0ng" and "n3tr1x." jQuery's blog website blog.jquery.com runs on WordPress—the world's most popular content management system CMS used by...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2017/10/24 7:42 p.m.13 views

Hacker Hijacks CoinHive's DNS to Mine Cryptocurrency Using Thousands of Websites

When yesterday I was reporting about the sudden outbreak of another global ransomware attack 'Bad Rabbit,' I thought what could be worse than this? Then late last night I got my answer with a notification that Coinhive has been hacked — a popular browser-based service that offers website owners t...

7AI score
Exploits0
Kitploit
Kitploit
added 2017/10/19 1:30 p.m.45 views

Blazy - Modern Login Bruteforcer Which Also Tests For CSRF, Clickjacking, Cloudflare and WAF

Blazy is a modern login page bruteforcer. Features Easy target selections Smart form and error detection CSRF and Clickjacking Scanner Cloudflare and WAF Detector 90% accurate results Checks for login bypass via SQL injection Multi-threading 100% accurate results Better form detection and...

8.2AI score
Exploits0References1
HackRead
HackRead
added 2017/10/05 9:0 p.m.43 views

CloudFlare Boots Off Torrent Site For Using Cryptocurrency Miner

By Waqas CloudFlare says sites running mining code without notifying users are considered to This is a post from HackRead.com Read the original post: CloudFlare Boots Off Torrent Site For Using Cryptocurrency Miner...

7.1AI score
Exploits0
ThreatPost
ThreatPost
added 2017/10/04 7:50 a.m.14 views

Cloudflare CTO Goes Inside the Cloudbleed Bug

MADRID—John Graham-Cumming presided over a confessional Wednesday at Virus Bulletin 2017. Cloudflare’s chief technology officer was frank and apologetic about February’s Cloudbleed bug, which leaked memory from the content delivery network that included internal private keys and authentication...

7.1AI score
Exploits0References1
pentestit
pentestit
added 2017/09/10 2:48 a.m.263 views

cFire: IP Discovery for Domains behind Cloudflare

PenTestIT RSS Feed If you remember, I blogged about a CloudFail and HatCloud earlier. Those tools help you find the IP addresses of systems that are protected/behind Cloudflare. This post is about a new tool on the block - cFire, which just does not stop at detecting the systems restricted using...

6.8AI score
Exploits0
Akamai Blog
Akamai Blog
added 2017/08/28 1:5 p.m.62 views

The WireX Botnet: An example of cross-organizational cooperation

Introduction On August 17th, 2017, multiple Content Delivery Networks CDNs and content providers were subject to significant attacks from a botnet dubbed WireX. The botnet is named for an anagram for one of the delimiter strings in its command and control protocol. The WireX botnet comprises...

7.2AI score
Exploits0
HackRead
HackRead
added 2017/08/17 11:57 p.m.90 views

Russia boots off DailyStormer and CloudFlare removes DDoS protection

By Waqas It looks like the racist and neo-nazi website DailyStormer has no This is a post from HackRead.com Read the original post: Russia boots off DailyStormer and CloudFlare removes DDoS protection...

7AI score
Exploits0
Hacker One
Hacker One
added 2017/08/16 1:6 p.m.36 views

Discourse: CSRF-tokens on pages without no-cache headers, resulting in ATO when using CloudFlare proxy (Web Cache Deception)

Hi, I noticed this issue on one of your clients which was using CloudFlare in front of their Discourse. This is not affecting try.discourse.org but the same underlying issue can be seen there as well even though it's not exploitable on that specific domain. The TL;DR of issue is basically:...

6.5AI score
Exploits0
Hacker One
Hacker One
added 2017/08/03 1:59 a.m.21 views

Unikrn: Non-Cloudflare IPs allowed to access origin servers

Summary: Non-Cloudflare IPs allowed to access origin servers Description: Your origin servers are not blocking access from non-Cloudflare servers. This way crawlers can find your origin servers' IPs by checking random IPs until they found your origin servers. What makes this especially easy are...

6.6AI score
Exploits0
Hacker One
Hacker One
added 2017/07/26 5:59 p.m.473 views

Cloudflare: SSRF

Hi i make report grabtaxi for SSRF But grabtaxi answer me coffeecup closed the report and changed the status to Not Applicable. Jul 26th 2 hrs ago Hello @linkks - After further review, we have determined that this is not SSRF on any of our web properties or assets. All IP's mentioned in this repo...

6.7AI score
Exploits0
pentestit
pentestit
added 2017/07/21 6:19 a.m.86 views

Subdomain Enumeration Using Censys & Crtsh!

PenTestIT RSS Feed If you read my last post about V1D0m and liked it, I'm sure you will LOVE this post. As you will remember, the older post was about subdomain enumeration using VirusTotal, this post is about enumerating subdomains and DNS information using the following services: CloudFlare,...

6.9AI score
Exploits0
ThreatPost
ThreatPost
added 2017/07/18 2:34 p.m.9 views

Privacy Activists Suffer Legal Setback In National Security Letter Case

Privacy activists suffered a legal blow when a panel of California appeals court judges ruled Monday the Federal Bureau of Investigation could continue its practice of secretly issuing National Security Letter NSL requests for customer data from communications firms. The case involved a challenge...

0.7AI score
Exploits0References5
Kitploit
Kitploit
added 2017/07/16 2:12 p.m.27 views

CloudFail - Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network

CloudFail is a tactical reconnaissance tool which aims to gather enough information about a target protected by CloudFlare in the hopes of discovering the location of the server. Using Tor to mask all requests, the tool as of right now has 3 different attack phases. 1. Misconfigured DNS scan usin...

7AI score
Exploits0References1
Rows per page
Query Builder