24 matches found
Authentication Bypass Vulnerability in Weetop CMS Backend
Weetop CMS is a web content management system developed by Hangzhou Tintop Technology Co. An authentication bypass vulnerability exists in the Weetop CMS V2.0 administration backend in the login session check processing mechanism. An attacker can bypass the forced jump without login by disabling...
JudasDNS - Nameserver DNS poisoning attacks made easy
A DNS proxy server built to be deployed in place of a taken over nameserver to perform targeted exploitation. Judas works by proxying all DNS queries to the legitimate nameservers for a domain. The magic comes with Judas's rule configurations which allow you to change DNS responses depending on...
RITM - Ruby In The Middle (HTTP/HTTPS Interception Proxy)
Ruby in the middle RITM is an HTTP/HTTPS interception proxy with on-the-fly certificate generation and signing, which leaves the user with the full power of the Ruby language to intercept and even modify requests and responses as she pleases. Installation gem install ritm Basic usage 1. Write you...
Cross-site scripting cookie theft
Added: 03/09/2010 Background Many web sites include scripts, which are lists of commands which, when executed in sequence, provide some enhancement to a web page. Web browsers are able to recognize scripts in web pages by the tag and handle them accordingly. Problem By sending an HTTP request...