Lucene search

5327 matches found

w3af
added 2013/06/10 11:2 p.m., 23 views

wsdl_finder

This plugin finds new web service descriptions and other web service related files by appending "?WSDL" to all URLs and checking the response. Plugin type: Crawl. Options: This plugin doesn't have any user configured options. Source: For more information about this plugin and the associated tests,...

AI score: 7.2
Exploits: 0

w3af
added 2013/06/10 11:2 p.m., 13 views

response_splitting

This plugin will find response splitting vulnerabilities. The detection is done by sending "w3af\r\nVulnerable: Yes" to every injection point, and reading the response headers searching for a header with name "Vulnerable" and value "Yes". Plugin type: Audit. Options: This plugin doesn't have any user...

AI score: 0.1
Exploits: 0

w3af
added 2013/06/10 11:2 p.m., 33 views

bing_spider

This plugin finds new URLs in the Bing search engine. One configurable parameter exists: resultlimit. This plugin searches Bing for "site:domain.com", requests all search results and parses them in order to find new URLs. Plugin type: Crawl. Options: Name | Type | Default Value | Description | Help...

AI score: 7.1
Exploits: 0

w3af
added 2013/06/10 11:2 p.m., 15 views

http_vs_https_dist

This plugin analyzes the network distance between the HTTP and HTTPS ports giving a detailed report of the traversed hosts in transit to target:port. You should have root/admin privileges in order to run this plugin successfully. Explicitly declared ports on the entered target override those...

AI score: 7.1
Exploits: 0

w3af
added 2013/06/10 11:2 p.m., 14 views

fingerprint_os

This plugin fingerprints the remote web server and tries to determine the Operating System family (Windows, Unix, etc.). The fingerprinting is at this moment really trivial, because it only uses one technique: windows path separator in the URL. For example, if the input URL is...

Exploits: 0

w3af
added 2013/06/10 11:2 p.m., 7 views

file_upload

This plugin greps every page for forms with file upload capabilities. Plugin type: Grep. Options: This plugin doesn't have any user configured options. Source: For more information about this plugin and the associated tests, there's always the source code to understand exactly what's under the hood:...

AI score: 0.1
Exploits: 0

w3af
added 2013/06/10 11:2 p.m., 14 views

private_ip

This plugin greps every page body and headers for private IP addresses. Plugin type: Grep. Options: This plugin doesn't have any user configured options. Source: For more information about this plugin and the associated tests, there's always the source code to understand exactly what's under the hood:...

AI score: 0.3
Exploits: 0

w3af
added 2013/06/10 11:2 p.m., 13 views

rnd_path

This evasion plugin adds a random path to the URI. Example: Input: /bar/foo.asp, Output: /aflsasfasfkn/../bar/foo.asp. Plugin type: Evasion. Options: This plugin doesn't have any user configured options. Source: For more information about this plugin and the associated tests, there's always the source...

Exploits: 0

w3af
added 2013/06/10 11:2 p.m., 47 views

xpath

This plugin finds XPATH injections. To find these vulnerabilities the plugin sends the string "dz0" to every injection point, and searches the response for XPATH errors. Plugin type: Audit. Options: This plugin doesn't have any user configured options. Source: For more information about this plugin and...

AI score: 7.6
Exploits: 0

0day.today
added 2013/06/10 12:0 a.m., 45 views

Resin Application Server 4.0.36 XSS / Source Code Disclosure

Resin Application Server version 4.0.36 suffers from cross site scripting and source code disclosure vulnerabilities. Resin Application Server 4.0.36 Cross-Site Scripting Vulnerabilities Vendor: Caucho Technology, Inc. Product web page: http://www.caucho.com Affected version: Resin Professional...

AI score: 6.8
Exploits: 0

exploitpack
added 2013/06/10 12:0 a.m., 25 views

Resin Application Server 4.0.36 - Source Code Disclosure

Resin Application Server 4.0.36 - Source Code Disclosure Resin Application Server 4.0.36 Source Code Disclosure Vulnerability Vendor: Caucho Technology, Inc. Product web page: http://www.caucho.com Affected version: Resin Professional Web And Application Server 4.0.36 Summary: Resin is the Java...

AI score: 7.6
Exploits: 0

Exploit DB
added 2013/06/10 12:0 a.m., 45 views

Resin Application Server 4.0.36 - Source Code Disclosure

Resin Application Server 4.0.36 Source Code Disclosure Vulnerability Vendor: Caucho Technology, Inc. Product web page: http://www.caucho.com Affected version: Resin Professional Web And Application Server 4.0.36 Summary: Resin is the Java Application Server for high traffic sites that require spe...

AI score: 7.4
Exploits: 0

n0where
added 2013/06/07 4:10 p.m., 27 views

WPA Cluster Cracker: Moscrack

Moscrack WPA Cluster Cracker Moscrack facilitates the use of a WPA cracker on a cluster. Currently it works with Mosix clustering software, SSH, RSH and Pyrit. It works by reading a word list from STDIN or a file, breaking it into chunks and passing those chunks off to separate processes that run...

AI score: 7.4
Exploits: 0

Packet Storm
added 2013/06/07 12:0 a.m., 35 views

Resin Application Server 4.0.36 Source Code Disclosure

Resin Application Server 4.0.36 Source Code Disclosure Vulnerability Vendor: Caucho Technology, Inc. Product web page: http://www.caucho.com Affected version: Resin Professional Web And Application Server 4.0.36 Summary: Resin is the Java Application Server for high traffic sites that require spe...

AI score: 7.4
Exploits: 0

Zero Science Lab
added 2013/06/07 12:0 a.m., 135 views

Resin Application Server 4.0.36 Source Code Disclosure Vulnerability

Summary: Resin is the Java Application Server for high traffic sites that require speed and scalability. It is one of the earliest Java Application Servers, and has stood the test of time due to engineering prowess. Description: The vulnerability is caused due to an improper sanitization of the 'fil...

AI score: 5.9
Exploits: 0

myhack58
added 2013/06/03 12:0 a.m., 33 views

php LFI to read the php file source code as well as directly post webshell-vulnerability warning-the black bar safety net

Recently in the busy defcon topic training where a set of topics where there is a foreigner to write it is mentioned in the LFI, another tips The original text please refer to the PS: the skill is not a new technology bull God has certainly been with got bored, so when passing on the line =,= I...

AI score: 7.5
Exploits: 0

seebug.org
added 2013/06/01 12:0 a.m., 24 views

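EasyTalk microblog official website can be compromised and a source code backdoor added

Brief description: A successful intrusion; a source code backdoor can be added. Details: nginx parsing issue. Proof of vulnerability:...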

AI score: 7.1
Exploits: 0

ICS
added 2013/05/31 6:0 a.m., 39 views

Triangle MicroWorks Improper Input Validation

OVERVIEW Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation vulnerability in multiple Triangle MicroWorks’ products and third‑party components. Triangle MicroWorks has produced an update that mitigates this vulnerability. Adam Crain has...

AI score: 6.2
Exploits: 0
References: 10

myhack58
added 2013/05/31 12:0 a.m., 30 views

74CMS talent system v3.2 injection & full version pass rounded out the background-bug warning-the black bar safety net

Because a station with this system next to the station is also no start so went down the parts of the source code to read Set of procedures filter is still relatively full, but all versions are GBK encoding is his flawed but basically the string into the library when the author used the iconv to...

AI score: 0.3
Exploits: 0

The Hacker News
added 2013/05/21 6:48 p.m., 6 views

Chinese hackers who breached Google in 2010 gained access to thousands of surveillance orders

In 2010, as part of what has been dubbed as Operation Aurora, Chinese hackers infiltrated a special database within Google's systems and gained access to a sensitive database worth of information about American surveillance targets. Google reported the hack publicly years ago, saying that the...

AI score: 6.5
Exploits: 0