Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the POST multipart upload process. An attacker can write arbitrary files to any existing directory on the filesystem by crafting a specially constructed URL path containing directory traversal sequences and...

aiohttp: DoS when trying to parse malformed POST requests

An infinite loop flaw was found in aiohttp when handling POST multipart/form-data requests. This flaw allows an attacker to send a specially crafted request, leading the server to enter an infinite loop and render it unable to process any further requests. This denial of service can be triggered ...

LANGO Codeigniter Multilingual Script 1.0 Cross Site Scripting Vulnerability

LANGO Codeigniter Multilingual Script version 1.0 suffers from html injection and cross site scripting vulnerabilities. Exploit Title: LANGO - Codeigniter Multilingual Script 1.0 - HTML Injection and Stored XSS Exploit Author: Ismail Tasdelen Vendor Homepage: http://pokkho.com/lango/ Software Lin...

[XSSless] An automated XSS payload generator written in python

An automated XSS payload generator written in python. Usage 1. Record requests with Burp proxy 2. Select requests you want to generate, then right click and select "Save items" 3. Use xssless to generate your payload: ./xssless.py burpexportfile 4. Pwn! A more detailed tutorial can be found here...