COVID19 Testing Management System 1.0 - (State) Stored Cross-Site-Scripting Vulnerability

Exploit Title: COVID19 Testing Management System 1.0 - 'State' Stored Cross-Site-Scripting XSS Exploit Author: BHAVESH KAUL Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/covid19-testing-management-system-using-php-and-mysql/ Version: 1.0 Tested on: Server: XAMPP...

COVID-19 Testing Management System 1.0 Cross Site Scripting

Exploit Title: COVID19 Testing Management System 1.0 - 'State' Stored Cross-Site-Scripting XSS Date: 11/06/2021 Exploit Author: BHAVESH KAUL Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/covid19-testing-management-system-using-php-and-mysql/ Version: 1.0 Tested on:...

COVID19 Testing Management System 1.0 - 'State' Stored Cross-Site-Scripting (XSS)

Exploit Title: COVID19 Testing Management System 1.0 - 'State' Stored Cross-Site-Scripting XSS Date: 11/06/2021 Exploit Author: BHAVESH KAUL Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/covid19-testing-management-system-using-php-and-mysql/ Version: 1.0 Tested on:...

Nebula - Cloud C2 Framework, Which At The Moment Offers Reconnaissance, Enumeration, Exploitation, Post Exploitation On AWS

Nebula is a Cloud and hopefully DevOps Penetration Testing framework. It is build with modules for each provider and each functionality. As of April 2021, it only covers AWS, but is currently an ongoing project and hopefully will continue to grow to test GCP, Azure, Kubernetes, Docker, or...

BlueCloud - Cyber Range including Velociraptor + HELK system with a Windows VM for security testing and R&D

Cyber Range deployment of HELK and Velociraptor! Automated terraform deployment of one system running HELK + Velociraptor server with one registered Windows endpoint in Azure or AWS. A collection of Terraform and Ansible scripts that automatically and quickly deploys a small HELK + Velociraptor R...

How purple teams can embrace hacker culture to improve security

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Matthew Hickey, co-founder, CEO, and writ...

Exploit for Improper Input Validation in Pypa Pip

CVE-2021-3572 This repository is designed for testing CVE-202...

Exploit for SQL Injection in Zabbix

This repository is an offensive tool for various vulnerability exploitation and testing. It contains a collection of tools and scripts for identifying and exploiting vulnerabilities in various software and systems. The repository includes tools for testing web applications, network services, and...

What is API Testing❓ Benefits, Types, How To Start

Introduction APIs are becoming very important in our modern world and as technology rises, so will our reliance on APIs. Everything that communicates on the internet these days is talking to an API Application Programming Interface and as we implement them in our technologies we also need to take...

COVID-19 Testing Management System 1.0 SQL Injection

Exploit Title: COVID19 Testing Management System 1.0 - SQL Injection Authentication Bypass Author: @nu11secur1ty Testing and Debugging: @nu11secur1ty Date: 06.08.2021 Vendor: https://phpgurukul.com/covid19-testing-management-system-using-php-and-mysql/ Link:...

Exploit for Improper Input Validation in Pypa Pip

CVE-2021-3572 This repository is designed for testing CVE-202...

Deploying EFBs securely

It may come as a surprise to some to discover that electronic flight bag security at airlines is often quite variable. Whilst some use an MDM, a lot don’t. Of those who do, PINs are often weak. Some airlines actively encourage pilots to use their devices for personal use. We’ve heard stories of a...

PayloadsAllTheThings

This repository is an offensive tool for Web Application Security and Pentest/CTF. It contains a list of useful payloads and bypass for various web application security vulnerabilities and penetration testing. The repository includes tools and exploits for vulnerabilities such as CRLF injection,...

vulhub

This is a pre-built vulnerable environment based on Docker-Compose, maintained by Vulhub. The repository contains various vulnerable environments, including CouchDB, FFmpeg, Git, InfluxDB, and more. The environments are designed to be easily reproducible and can be used for testing and training...

metasploit-framework

This repository is an offensive tool for Metasploit Framework. The Metasploit Framework is a powerful tool for penetration testing and vulnerability assessment. It provides a comprehensive platform for identifying and exploiting vulnerabilities in various systems and applications. The framework...

BasicNote 1.1.9 Denial Of Service

Exploit Title: BasicNote 1.1.9 - Denial of Service PoC Date: 2021-06-02 Author: Brian Rodríguez Download Link: https://play.google.com/store/apps/details?id=notizen.basic.notes.notas.note.notepad&hl=esMX Version: 1.1.9 Category: DoS Android Vulnerability BasicNote - Notas, Bloc de notas is...

BasicNote 1.1.9 - Denial of Service (PoC)

Exploit Title: BasicNote 1.1.9 - Denial of Service PoC Date: 2021-06-02 Author: Brian Rodríguez Download Link: https://play.google.com/store/apps/details?id=notizen.basic.notes.notas.note.notepad&hl=esMX Version: 1.1.9 Category: DoS Android Vulnerability BasicNote - Notas, Bloc de notas is...

Cobalt Strike, a penetration testing tool abused by criminals

If you were to compose a list of tools and software developed by security and privacy defenders that ended up being abused by the bad guys, then Cobalt Strike would unfortunately be near the top of the list. Maybe only Metasploit could give it a run for the first place ranking. Metasploit—probabl...

Rapid7 Named a Visionary in 2021 Gartner Magic Quadrant for Application Security Testing

Rapid7 is excited to share that we have been recognized as a Visionary in the 2021 Gartner Magic Quadrant for Application Security Testing AST We are so excited to share the news that Rapid7 has been recognized as a Visionary in the 2021 Gartner Magic Quadrant for Application Security Testing.Thi...

Creating coefficiency: DevOps, Security, and Compliance

Secure IaC Infrastructure-as-code IaC is a powerful partnership accelerator. As businesses and organizations scale into the cloud to realize its full production-enablement potential, security often struggles to keep up. The ultimate goal on the security horizon is, of course, to prevent risks and...