25 matches found
DEBIAN-CVE-2022-21708
graphql-go is a GraphQL server with a focus on ease of use. In versions prior to 1.3.0 there exists a DoS vulnerability that is possible due to a bug in the library that would allow an attacker with specifically designed queries to cause stack overflow panics. Any user with access to the GraphQL...
HackerOne: Putting link inside link in markdown
Hello. I was playing around in markdown editor and find 1 interesting feature. You can put a link inside link. ololol l l:http://dwq If you do it ololol will be parsed first, then result of parsing will be send outside. Maximum depth of such link inserting is 16. So the slowest thing we can do is...
IBM Lotus Notes Sametime User Enumeration
This module extracts usernames using the IBM Lotus Notes Sametime web interface using either a dictionary attack which is preferred, or a bruteforce attack trying all usernames of MAXDEPTH length or less. This module requires Metasploit: https://metasploit.com/download Current source:...
archive_dot_org
This plugin does a search in archive.org and parses the results. It then uses the results to find new URLs in the target site. This plugin is a time machine ! Plugin type Crawl Options Name | Type | Default Value | Description | Help ---|---|---|---|--- maxdepth | integer | 3 | Maximum recursion...
http-open-redirect NSE Script
Spiders a website and attempts to identify open redirects. Open redirects are handlers which commonly take a URL as a parameter and responds with a HTTP redirect 3XX to the target. Risks of open redirects are described at . Only open redirects that are directly linked on the target website can be...