[RT-SA-2014-002] rexx Recruitment: Cross-Site Scripting in User Registration

Advisory: rexx Recruitment Cross-Site Scripting in User Registration RedTeam Pentesting discovered a cross-site scripting XSS vulnerability in rexx Recruitment's user registration page during a penetration test. If attackers can persuade users to click on a prepared link or redirected them to suc...

rexx Recruitment Cross Site Scripting

Advisory: rexx Recruitment Cross-Site Scripting in User Registration RedTeam Pentesting discovered a cross-site scripting XSS vulnerability in rexx Recruitment's user registration page during a penetration test. If attackers can persuade users to click on a prepared link or redirected them to suc...

[RT-SA-2014-001] McAfee ePolicy Orchestrator: XML External Entity Expansion in Dashboard

Advisory: McAfee ePolicy Orchestrator XML External Entity Expansion in Dashboard RedTeam Pentesting identified an XML external entity expansion vulnerability in McAfee ePolicy Orchestrator's ePO dashboard feature. Users with the ability to create new dashboards in the ePO web interface who exploi...

McAfee ePolicy Orchestrator XML External Entity Expansion

Advisory: McAfee ePolicy Orchestrator XML External Entity Expansion in Dashboard RedTeam Pentesting identified an XML external entity expansion vulnerability in McAfee ePolicy Orchestrator's ePO dashboard feature. Users with the ability to create new dashboards in the ePO web interface who exploi...

[BTS PenTesting Lab] A vulnerable web application to learn common vulnerabilities

The most common question from students who is learning website hacking techniques is "how to test my skills legally without getting into troubles?". So, i always suggest them to use some vulnerable web application such as DVWA. However, i felt dvwa is not suitable for new and advanced techniques...

[Bugtroid] Pentesting for Android

Bugtroid is an innovative tool developed by the team of Bugtraq-Team. The main features of this apk, is that it has more than 200 Android and Linux tools PRO for pentesting and forensics through its Smarthphone or tablet. It has a menu categorized according to the nature of the tool may find:...

[Hasere v0.2] Discover vHosts using Google and Bing

Hasere is a tool that can discovery the virtual hosts and related filetype using google and bing search engines. Optionally, it uses the nmap to determine the ip addresses which have 80 or 443 opened port. After that it uses the bing search engine to determine which domains were hosted or have be...

[Laudanum] Collection of injectable files

Laudanum is a collection of injectable files, designed to be used in a pentest when SQL injection flaws are found and are in multiple languages for different environments.They provide functionality such as shell, DNS query, LDAP retrieval and others. Download Laudanum...

[Syhunt Sandcat Browser v4.1] A Penetration-oriented browser (extented to Web Application Assessment)

Sandcat Browser 4 brings unique features that are useful for pen-testers and web developers. Sandcat is built on top of Chromium, the same engine that powers the Google Chrome browser, and uses the Lua programming language to provide extensions and scripting support. Features Live HTTP Headers —...

Penetration Testing Browser Bundle: PenQ

PenQ is an open source, Linux-based penetration testing browser bundle we built over Mozilla Firefox. It comes pre-configured with security tools for spidering, advanced web searching, fingerprinting, anonymous browsing, web server scanning, fuzzing, report generating and more. Penetration Testin...

Kali Applications Automatic Installer Script: KAAIS

KAAIS Kali Applications Automatic Installer Script Let’s you easily install some applications which doesn’t come by default with the Kali Linux distribution. It’s user friendly and it incorporates some other things. It also gets updated regularly. Features Skype VideoChat Application TeamViewer...

vBulletin Advanced User Tagging Mod - Stored XSS Vulnerability

Exploit for php platform in category web applications Exploit Title: Advanced User Tagging vBulletin - Stored XSS Vulnerability Google Dork: intext:usertagpro Date: 10.07.2013 Exploit Author: 0iZy5 Vendor Homepage: www.backtrack-linux.ro Software Link:...

vBulletin vBShout Mod - Persistent Cross-Site Scripting

vBulletin vBShout Mod - Persistent Cross-Site Scripting Exploit Title: vBShout vBulletin - Stored XSS Vulnerability Google Dork: intext:vBShout Date: 10.07.2013 Exploit Author: 0iZy5 Vendor Homepage: www.backtrack-linux.ro Software Link:...

vBulletin vBShout Mod - Persistent Cross-Site Scripting

Exploit Title: vBShout vBulletin - Stored XSS Vulnerability Google Dork: intext:vBShout Date: 10.07.2013 Exploit Author: 0iZy5 Vendor Homepage: www.backtrack-linux.ro Software Link: http://www.dragonbyte-tech.com/vbecommerce.php?do=product&productid=2 Version: vBulletin 3.8.x, vBulletin 4.x.x,...

vBulletin vBShout Mod - Stored XSS Vulnerability

Exploit for php platform in category web applications Exploit Title: vBShout vBulletin - Stored XSS Vulnerability Google Dork: intext:vBShout Date: 10.07.2013 Exploit Author: 0iZy5 Vendor Homepage: www.backtrack-linux.ro Software Link:...

vBulletin Advanced User Tagging Mod - Persistent Cross-Site Scripting

vBulletin Advanced User Tagging Mod - Persistent Cross-Site Scripting Exploit Title: Advanced User Tagging vBulletin - Stored XSS Vulnerability Google Dork: intext:usertagpro Date: 10.07.2013 Exploit Author: 0iZy5 Vendor Homepage: www.backtrack-linux.ro Software Link:...

vBulletin Advanced User Tagging Cross Site Scripting

Exploit Title: Advanced User Tagging vBulletin - Stored XSS Vulnerability Google Dork: intext:usertagpro Date: 10.07.2013 Exploit Author: 0iZy5 Vendor Homepage: www.backtrack-linux.ro Software Link: http://www.dragonbyte-tech.com/vbecommerce.php?productid=20&do=product Version: vBulletin 3.8.x,...

Exim sender_address Parameter - RCE Exploit

Exploit for linux platform in category remote exploits !/usr/bin/env python Exim senderaddress Parameter - Remote Command Execution Exploit Vulnerability found by RedTeam Pentesting GmbH https://www.redteam-pentesting.de/en/advisories/rt-sa-2013-001/ Exploit written by eKKiM...

Exim sender_address Remote Command Execution

!/usr/bin/env python Exim senderaddress Parameter - Remote Command Execution Exploit Vulnerability found by RedTeam Pentesting GmbH https://www.redteam-pentesting.de/en/advisories/rt-sa-2013-001/ Exploit written by eKKiM http://rdtx.eu/exim-with-dovecot-lda-rce-exploit/ USAGE Edit the PERL REVERS...

Exim - 'sender_address' Remote Code Execution

!/usr/bin/env python Exim senderaddress Parameter - Remote Command Execution Exploit Vulnerability found by RedTeam Pentesting GmbH https://www.redteam-pentesting.de/en/advisories/rt-sa-2013-001/ Exploit written by eKKiM http://rdtx.eu/exim-with-dovecot-lda-rce-exploit/ USAGE Edit the PERL REVERS...