REST API Penetration Testing: Astra

REST API penetration testing is complex due to continuous changes in existing APIs and newly added APIs. Astra can be used by security engineers or developers as an integral part of their process, so they can detect and patch vulnerabilities early during development cycle. Astra can automatically...

SQLmap Tamper-API - SQLMap Tamper API To Accept Tamper Scripts From All Languages

It's an API for SQLmap tamper scripts allows you to use your favorite programming language to write your tamper scripts. This API solves SQLmap limitation of accepting only python to write tamper scripts. How it works taper-api.py script sends the payload and kwargs in a JSON format "payload": ""...

Fsociety Hacking Tools Pack

Fsociety Menu Information Gathering Password Attacks Wireless Testing Exploitation Tools Sniffing & Spoofing Web Hacking Private Web Hacking Post Exploitation INSTALL & UPDATE Information Gathering : Nmap Setoolkit Port Scanning Host To IP wordpress user CMS scanner XSStracer Dork – Google Dorks...

Zeus-Scanner - Advanced Reconnaissance Utility

Zeus is an advanced reconnaissance utility designed to make web application reconnaissance simple. Zeus comes complete with a powerful built-in URL parsing engine, multiple search engine compatibility, the ability to extract URLs from both ban and webcache URLs, the ability to run multiple...

DorkNet - Selenium Powered Python Script To Automate Searching For Vulnerable Web Apps

Selenium powered Python script to automate searching the web for vulnerable applications. DorkNet can take a single dork or a list of dorks as arguments. After the proper command line arguments have been passed, the script will use Selenium and Geckodriver to find the results we want and save the...

E-Sic Software livre CMS - q Parameter SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: E-Sic Software livre CMS - Blind SQL Injection Exploit Author: Guilherme Assmann Vendor Homepage: https://softwarepublico.gov.br/ Version: 1.0 Tested on: kali linux, windows 7, 8.1, 10 - Firefox Download...

Zeus Scanner - Advanced Dork Searching Utility

Zeus is a advanced dork searching tool that is capable of bypassing search engine API calls, search engine captchas, and IP address blocking from sending many requests to the search engine itself. Zeus can use three different search engines to do the search default is Google. Zeus has a powerful...

IWEBSOUL CMS 1.0 SQL Injection Vulnerability

IWEBSOUL CMS version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. Title: ======= IWEBSOUL CMS - Multiple SQL Injection Vulnerabilities & Authentication Bypass Introduction: ============== Intrepid Websoul Private Limited - iWebsoul is a rapidly...

SQLMap v1.1.8 - Automatic SQL Injection And Database Takeover Tool

SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lastin...

I Recommend This <= 3.8.1 - Authenticated SQL Injection

Plugin description: "This plugin allows your visitors to simply like/recommend your posts instead of comment on it." Active installs according to https://wordpress.org/plugins/i-recommend-this/: 40.000+ It's possible to inject SQL into the dotrecommends shortcode, if the check for IP addresses is...

Muviko 1.0 SQL Injection

Exploit Title: Muviko - Video CMS v1.0 a 'q' Parameter SQL Injection Date: 02.08.2017 Vendor Homepage: https://muvikoscript.com/ Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website: http://k2an.com Category: Web Application Exploits Overview Muviko is a movie & video content manageme...

Muviko 1.0 - q SQL Injection

Muviko 1.0 - q SQL Injection Exploit Title: Muviko - Video CMS v1.0 – 'q' Parameter SQL Injection Date: 02.08.2017 Vendor Homepage: https://muvikoscript.com/ Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website: http://k2an.com Category: Web Application Exploits Overview Muviko is a...

EDUMOD Pro 1.3 - SQL Injection

EDUMOD Pro 1.3 - SQL Injection Exploit Title: School Management System | EDUMOD Pro v1.3 – SQL Injection Date: 02.08.2017 Vendor Homepage: https://codecanyon.net/item/school-management-system-edumod-pro/19764430?srank=288 Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website:...

Muviko 1.0 - &#039;q&#039; SQL Injection

Exploit Title: Muviko - Video CMS v1.0 – 'q' Parameter SQL Injection Date: 02.08.2017 Vendor Homepage: https://muvikoscript.com/ Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website: http://k2an.com Category: Web Application Exploits Overview Muviko is a movie & video content manageme...

Joomla CCNewsLetter 2.1.9 Component - sbid Parameter SQL Injection Vulnerability

Exploit for php platform in category web applications "Joomla Component ccnewsletter 2.1.9 - 'sbid' Parameter SQL Injection" Exploit Title: Joomla Component ccnewsletter 2.1.9 - SQL Injection Date: 07-26-2017 Exploit Author: Shahab Shamsi Vendor Homepage:...

Joomla! Component CCNewsLetter 2.1.9 - &#039;sbid&#039; SQL Injection

"Joomla Component ccnewsletter 2.1.9 - 'sbid' Parameter SQL Injection" Exploit Title: Joomla Component ccnewsletter 2.1.9 - SQL Injection Date: 07-26-2017 Exploit Author: Shahab Shamsi Vendor Homepage: https://extensions.joomla.org/extension/ccnewsletter/ Version: = 2.1.9 Final Version Tested on:...

Joomla! Component CCNewsLetter 2.1.9 - sbid SQL Injection

Joomla! Component CCNewsLetter 2.1.9 - sbid SQL Injection "Joomla Component ccnewsletter 2.1.9 - 'sbid' Parameter SQL Injection" Exploit Title: Joomla Component ccnewsletter 2.1.9 - SQL Injection Date: 07-26-2017 Exploit Author: Shahab Shamsi Vendor Homepage:...

Joomla CCNewsLetter 2.1.9 SQL Injection

Exploit Title: Joomla Component ccnewsletter 2.1.9 - SQL Injection Date: 07-26-2017 Exploit Author: Shahab Shamsi Vendor Homepage: https://extensions.joomla.org/extension/ccnewsletter/ Version: = 2.1.9 Final Version Tested on: Win,Linux Google Dork: inurl:"index.php?option=comccnewsletter"...

NagaScan - Distributed Passive Scanner for Web Application

What is NagaScan NagaScan is a distributed passive vulnerability scanner for Web application. What NagaScan do NagaScan currently support some common Web application vulnerabilities, e.g. XSS, SQL Injection, File Inclusion etc How NagaScan work Config a proxy, e.g. Web Browser proxy or mobile Wi-...

Joomla! Component JoomRecipe 1.0.4 - &#039;search_author&#039; SQL Injection

Exploit Title: Joomla JoomRecipe 1.0.4 Component - Blind SQL Injection Vulnerability Date: 20.07.2017 Exploit Author: Teng Vendor Homepage: http://joomboost.com/ Software Link: https://extensions.joomla.org/extensions/extension/vertical-markets/food-a-beverage/joomrecipe/ Version: 1.0.4 Platform:...