Lucene search
K

6 matches found

Kitploit
Kitploit
added 2018/09/15 12:53 p.m.183 views

HashPump - A Tool To Exploit The Hash Length Extension Attack In Various Hashing Algorithms

A tool to exploit the hash length extension attack in various hashing algorithms. Currently supported algorithms: MD5, SHA1, SHA256, SHA512. Help Menu $ hashpump -h HashPump -h help -t test -s signature -d data -a additional -k keylength HashPump generates strings to exploit signatures vulnerable...

7.1AI score
Exploits0References3
Hacker One
Hacker One
added 2017/07/20 10:22 a.m.36 views

Zomato: Length extension attack leading to HTML injection

At the profile setting page where I can set my personal website I found this url: https://www.zomato.com/redirect?u=xxx&t=yyy Where xxx is the url that we can control and yyy is the hash. Through out blackbox testing I find out that if md5somescret + url == t then the redirect is allowed. This is...

6.8AI score
Exploits0
Kitploit
Kitploit
added 2017/04/13 2:30 p.m.45 views

HashPump - A Tool To Exploit The Hash Length Extension Attack In Various Hashing Algorithms

A tool to exploit the hash length extension attack in various hashing algorithms. Currently supported algorithms: MD5, SHA1, SHA256, SHA512. Help Menu $ hashpump -h HashPump -h help -t test -s signature -d data -a additional -k keylength HashPump generates strings to exploit signatures vulnerable...

Exploits0References3
seebug.org
seebug.org
added 2016/05/24 12:0 a.m.76 views

phpwind9.x 通讯秘钥安全漏洞

来源链接:phpwind 利用哈希长度扩展攻击进行getshell 一哥新发的漏洞,还是蛮屌的: http://www.wooyun.org/bugs/wooyun-2016-0210850。分析补丁( http://www.phpwind.net/read/3709549 )加上一些风闻,我得知利用的是哈希长度扩展攻击。之前CTF中经常出境的MD5 Length Extension Attack,终于在实战中露了一次面。 0x01 漏洞点分析 phpwind逻辑太冗杂了,一看就是java程序员开发的。...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2013/12/09 12:0 a.m.109 views

[PT-2013-63] Hash Length Extension in HTMLPurifier

----------------------------------------------------------- PT-2013-63 Positive Technologies Security Advisory Hash Length Extension in HTMLPurifier ----------------------------------------------------------- --- Vulnerable software HTMLPurifier Version: 4.5.0 and earlier Link:...

1AI score
Exploits0
Positive Technologies
Positive Technologies
added 2013/09/03 12:0 a.m.4 views

PT-2013-63: Hash Length Extension in HTMLPurifier

The specialists of the Positive Research center have detected a vulnerability in HTMLPurifier that allows attackers to carry out a "Hash Length Extension" attack.. Class HTMLPurifierURIFilterMunge implements a URI filter that replaces all links with a formatted URL, for example, it can be used to...

5CVSS7.2AI score
Exploits0References3
Rows per page
Query Builder