40 matches found
Exploit for CVE-2012-0053
This repository is an offensive tool for web application exploitation, specifically for cross-site scripting XSS attacks. It contains a collection of payloads and scripts that can be used to exploit vulnerabilities in web applications. The payloads are designed to be injected into a vulnerable we...
MS15-018 Microsoft Internet Explorer 10 and 11 Cross-Domain JavaScript Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "MS15-018 Microsoft Internet Explorer 10 and 11 Cross-Domain JavaScript Injection", 'Description' = %q This module exploits a universal cross-site...
Russian Hackers Exploit Safari and Chrome Flaws in High-Profile Cyberattack
Cybersecurity researchers have flagged multiple in-the-wild exploit campaigns that leveraged now-patched flaws in Apple Safari and Google Chrome browsers to infect mobile users with information-stealing malware. "These campaigns delivered n-day exploits for which patches were available, but would...
FICO Origination Manager Decision Module 4.8.1 XSS / Session Hijacking Vulnerabilities
Multiple persistent cross site scripting vulnerabilities in FICO Origination Manager Decision Module version 4.8.1 allow an attacker to execute code in the context of the victim's browser using a crafted payload. Additionally, an attacker with initial access to the application, can get the...
Judge.me : stored XSS on AliExpress Review Importer/Products when delete product
Hi @judgeme! code Step to reproduce: 1. Go to Shopify admin and create product with name "" img src=x onerror=prompt 2. Go to AliExpress Review Importer/Products and delete our product with name " img src=x onerror=promptdocument.domain F1544890 3. Xss work= P.S. Poc wideo attach F1544893 Impact...
Judge.me : Stored XSS in Question edit from product name
Hi @judgeme! Step to reproduce: 1. Log in to your shopify account and create product with name "img src=x onerror=prompt 2. Go to our store and write question to our product with name "img src=x onerror=prompt 3. Then go to Shopify admin/Judge.me Product Reviews/Questions and edit question. XSS...
Google details cookie stealer malware campaign targeting YouTubers
By Waqas Google attributed the malware campaign to a group of attackers recruited via a Russian-language hacker forum. This is a post from HackRead.com Read the original post: Google details cookie stealer malware campaign targeting YouTubers...
CopperStealer Malware Targets Facebook and Instagram Business Accounts
A malware that until now has gone undocumented has been quietly hijacking online accounts of advertisers and users of Facebook, Apple, Amazon, Google and other web giants since July 2019 and then using them for nefarious activity, researchers have found. Dubbed CopperStealer, the malware acts...
BrainDamage - A fully featured backdoor that uses Telegram as a C&C server
A python based backdoor which uses Telegram as C&C server. /\ /.\ ,.-'/ ",'-., -^ /-^: | \ | \ | | | | | | | | Coded by: Mehul [email protected] -- Github: https://github.com/mehulj94 -- Twitter: https://twitter.com/wayfarermj -- For windows only | | | | | | | | | / / | | | | | '/ / |...
Fully Featured Backdoor – Telegram C&C: BrainDamage
A python based backdoor which uses Telegram as C&C server. Features Persistance USB spreading Port Scanner Router Finder Run shell commands Keylogger Insert keystrokes Record audio Webserver Screenshot logging Download files in the host Execute shutdown, restart, logoff, lock Send drive tree...
Radium-Keylogger - Python keylogger with multiple features
Python keylogger with multiple features. Features Applications and keystrokes logging Screenshot logging Drive tree structure Logs sending by email Password Recovery for Chrome Mozilla Filezilla Core FTP CyberDuck FTPNavigator WinSCP Outlook Putty Skype Generic Network Cookie stealer Keylogger st...
Python Keylogger: Radium
Python Keylogger With Multiple Features Keystroke logging, often referred to as keylogging or keyboard capturing, is the action of recording logging the keys struck on a keyboard, typically covertly, so that the person using the keyboard is unaware that their actions are being monitored. Keyloggi...
Cookies Manager - Simple Cookie Stealer
A simple program in PHP to help with XSS vulnerability in this program are the following: + Cookie Stealer with TinyURL Generator + Can you see the cookies that brings back a page + Can create cookies with information they want + Hidden to login to enter Panel use ?poraca to find the login A vide...
leap cms 0.1.4 (sql/xss/su) Multiple Vulnerabilities
No description provided by source. || || || -----------------------------------------\ == -- ----------- ---------------------------- ------------------/ ¡VIVA SPAIN!...¡GANAREMOS EL MUNDIAL!...o.O ¡PROUD TO BE SPANISH! --...
LinkBase 2.0 - Remote Cookie Grabber Vulnerability
No description provided by source. + Download LinkBase 2.0 Cookie Grabber Exploit + Discovered By SirGod + www.mortal-team.net + www.h4cky0u.org + Greetz : All my friends + Make 2 files and upload to your host : stealer.php - Put the following code into the file : ?php $cookie = $GET'cookie'; $lo...
Blackboard Products 6 Multiple HTML Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/19308/info Blackboard products are prone to multiple HTML-injection vulnerabilities because the software fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied...
Simple Machines Forum <= 1.1.7 '[url]' Tag HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/33595/info Simple Machines Forum is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML...
Aol.com XSS | Cookie Stealer (0day)
Exploit for multiple platform in category web applications This is private exploit. You can buy it at https://0day.today...
Freelancer.com XSS + Cookie Grabber
Stored XSS in Freelancer.com + Cookie Stealer. The package contains the how-to guide, PHP scriptcookie grabber and XSS vector in order. This is private exploit. You can buy it at https://0day.today...
e107 Persistant XSS vulnerability
Exploit for php platform in category web applications Exploit Title: E107 CMS Persistant XSS vulnerability Google Dork: "intitle:e107 powered website" | inurl:e107admin | ... Date: 18/02/2013 Exploit Author: Zyklon B Vendor Homepage: http://e107.org/ Software Link:...