Okadminfinder3 - Admin Panel Finder / Admin Login Page Finder

OKadminFinder is an Apache2 Licensed utility, rewritten in Python 3.x , for admins/pentesters who want to find admin panel of a website. There are many other tools but not as effective and secure. Yeah, Okadminfinder has the the ability to use tor and hide your identity. Requirements Linux sudo a...

Critical: thunderbird

Issue Overview: When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration PAC file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default...

CVE-2019-1841 Cisco DNA Center Unintended Proxy Via SWIM Import Interface Vulnerability

A vulnerability in the Software Image Management feature of Cisco DNA Center could allow an authenticated, remote attacker to access to internal services without additional authentication. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this...

0D1N v2.6 - Web Security Tool To Make Fuzzing At HTTP/S

0d1n is a tool for automating customized attacks against web applications. You can do: Brute force login and passwords in auth forms Directory disclosure use PATH list to brute, and find HTTP status code Test to find SQL Injection and XSS vulnerabilities Options to load ANTI-CSRF token each reque...

Zimbra Collaboration Autodiscover Servlet XXE / ProxyServlet SSRF Exploit

This Metasploit module exploits an XML external entity vulnerability and a server side request forgery to get unauthenticated code execution on Zimbra Collaboration Suite. The XML external entity vulnerability in the Autodiscover Servlet is used to read a Zimbra configuration file that contains a...

[SECURITY] Fedora 29 Update: wget-1.20.3-1.fc29

GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest wit...

WordPress Plugin Limit Login Attempts Reloaded 2.7.4 - Login Limit Bypass

WordPress Plugin Limit Login Attempts Reloaded 2.7.4 - Login Limit Bypass !/usr/bin/env node const request = require"request" / Exploit Title: Limit Login Attempts Reloaded by WPChef rate limiter bypass Date: 2019-04-08 Exploit Author: isdampe Software Link:...

XanXSS - A Simple XSS Finding Tool

XanXSS is a reflected XSS searching tool DOM coming soon that creates payloads based from templates. Unlike other XSS scanners that just run through a list of payloads. XanXSS tries to make the payload unidentifiable, for example: /cLIcKMe!XaNxss With XanXSS every payload is different. XanXSS wor...

Insecure Default Configuration

tesseract.js is vulnerable to insecure default configuration attacks. The vulnerability exists through the default use of the crossorigin.me proxy which allows the potentially unsafe proxy to obtain sensitive data...

WordPress PayPal Checkout Payment Gateway 1.6.8 Plugin - Parameter Tampering Vulnerability

Exploit for php platform in category web applications WordPress PayPal Checkout Payment Gateway 1.6.8 Plugin - Parameter Tampering Exploit Title: cgi-bin/webscr?cmd=cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.8 for WordPress allows Parameter Tampering in an amount parameter...

Insecure Default Configuration

Overview Versions of tesseract.js prior to 1.0.19 default to using a third-party proxy. Requests may be proxied through crossorigin.me which clearly states is not suitable for production use. This may lead to instability and privacy violations. Recommendation Upgrade to version 1.0.19 or later...

WinPwn - Automation For Internal Windows Penetrationtest

In many past internal penetration tests I often had problems with the existing Powershell Recon / Exploitation scripts due to missing proxy support. For this reason I wrote my own script with automatic proxy recognition and integration. The script is mostly based on well-known large other offensi...

USN-3927-1: Thunderbird vulnerabilities

It was discovered that Thunderbird allowed PAC files to specify that requests to localhost are sent through the proxy to another server. If proxy auto-detection is enabled, an attacker could potentially exploit this to conduct attacks on local services and tools. CVE-2018-18506 Multiple security...

CVE-2019-5737

In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1, an attacker can cause a Denial of Service DoS by establishing an HTTP or HTTPS connection in keep-alive mode and by sending headers very slowly. This keeps the connection and associated...

Mozilla: Proxy Auto-Configuration file can define localhost access to be proxied

When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration PAC file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is...

openSUSE Security Update : Chromium (openSUSE-2019-977)

This update to Chromium version 71.0.3578.80 fixes security issues and bugs. Security issues fixed boo1118529 : - CVE-2018-17480: Out of bounds write in V8 - CVE-2018-17481: Use after frees in PDFium - CVE-2018-18335: Heap buffer overflow in Skia - CVE-2018-18336: Use after free in PDFium -...

New Settings Let Hackers Easily Pentest Facebook, Instagram Mobile Apps

Facebook has introduced a new feature in its platform that has been designed to make it easier for bug bounty hunters to find security flaws in Facebook, Messenger, and Instagram Android applications. Since almost all Facebook-owned apps by default use security mechanisms such as Certificate...

[SECURITY] [DSA 4414-1] libapache2-mod-auth-mellon security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4414-1 [email protected] https://www.debian.org/security/ Thijs Kinkhorst March 23, 2019 https://www.debian.org/security/faq -...

Remote command injection through an endpoint security product

TL;DR? We discovered command injection in a popular endpoint security product, Heimdal Thor. By using the product, customers PCs were exposed to compromise. Irony++ Heimdal fixed the issue quickly and responded well, but it appears that the vulnerability had been present in 650,000 PCs for around...

50m-ctf: Writeup Hackerone 50M CTF

Writeup Hackerone 50m CTF First stage of this ctf we need to solve an hidden file from an image which posted by HackerOne at twitter https://twitter.com/hacker0x01/status/1100543680383832065?lang=en. I tried to run bunch of steganography tools and i found something with zteg the exact command is...