Regular Expression Denial of Service

Overview In websocket-extensions before version 0.1.4, there is a vulnerability which allows an attacker to exhaust the server's capacity to process incoming requests by sending a WebSocket handshake request containing a header of the following form: Sec-WebSocket-Extensions: a;...

Regular Expression Denial of Service in websocket-extensions (NPM package)

Impact The ReDoS flaw allows an attacker to exhaust the server's capacity to process incoming requests by sending a WebSocket handshake request containing a header of the following form: Sec-WebSocket-Extensions: a; b="\c\c\c\c\c\c\c\c\c\c ... That is, a header containing an unclosed string...

File upload vulnerability example analysis-vulnerability warning-the black bar safety net

Principles File upload is a Web application that often appear in the function,it allows users to upload files to the server and saved to a specific location. This security is a very sensitive issue, once the malicious program is uploaded to the server and get the Execute permission, the...

BlackHole Exploit Kit 2.0 released with more latest Exploits

According to release announcement on Pastebin by unknown developers in a Russian-language BlackHole Exploit Kit 2.0 released with more latest Exploits. BlackHole is one of the most dominant exploit toolkits currently available in the underground market. It enables attackers to exploit security...

DDOSIM – Layer 7 DDoS Simulator !

ddosim is a tool that can be used in a laboratory environment to simulate a distributed denial of service DDOS attack against a target server. The test will show the capacity of the server to handle application specific DDOS attacks. ddosim simulates several zombie hosts having random IP addresse...