WebOfisi E-Ticaret V4 - urun SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: WebOfisi E-Ticaret V4 - 'urun' SQL Injection Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://www.web-ofisi.com Software Demo: http://demobul.net/eticaretv4/ Software Link:...

What DNA testing kit companies are really doing with your data

Sarah hovered over the mailbox, envelope in hand. She knew as soon as she mailed off her DNA sample, there’d be no turning back. She ran through the information she looked up on 23andMe’s website one more time: the privacy policy, the research parameters, the option to learn about potential healt...

5 New Nonlethal Weapons the Defense Department Is Developing

The US Department of Defense's Joint Non-Lethal Weapons Program is testing a new arsenal powered by lasers, plasma, chemical irritants, and more...

Pacu - The AWS Exploitation Framework, Designed For Testing The Security Of Amazon Web Services Environments

Pacu is an open source AWS exploitation framework, designed for offensive security testing against cloud environments. Created and maintained by Rhino Security Labs, Pacu allows penetration testers to exploit configuration flaws within an AWS account, using modules to easily expand its...

Why you need to know about Penetration Testing and Compliance Audits?

We live in an age where data flows like water, becoming the new life source of our everyday ventures. As such, you can just imagine what all of that entails and the weight that data receive, especially when it comes to a decision making on how to handle this fairly new and arguably invaluable...

Osmedeus - Automatic Reconnaisance And Scanning In Penetration Testing

Automatic Reconnaisance and Scanning in Penetration Testing What is Osmedeus? Osmedeus allow you to doing boring stuff in Pentesting automatically like reconnaissance and scanning the target by run the collection of awesome tools. Installation git clone https://github.com/j3ssie/Osmedeus cd...

vulhub

It is an offensive tool for Web Application. The repository contains a collection of pre-built vulnerable docker environments, including a web application vulnerable to various attacks. The tool is designed to help developers and security researchers test and demonstrate the effectiveness of web...

[SECURITY] Fedora 28 Update: python37-3.7.1-1.fc28

Python 3.7 package for developers. This package exists to allow developers to test their code against a newer version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.7, update your Fedora to a newer version once Python 3.7 is stable...

[SECURITY] Fedora 28 Update: python33-3.3.7-6.fc28

Python 3.3 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.3, see other distributions that support it, such as CentOS or RHEL with Software...

[SECURITY] Fedora 27 Update: python33-3.3.7-3.fc27

Python 3.3 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.3, see other distributions that support it, such as CentOS or RHEL with Software...

Should You Send Your Pen Test Report to the MSRC?

Every day, the Microsoft Security Response Center MSRC receives vulnerability reports from security researchers, technology/industry partners, and customers. We want those reports, because they help us make our products and services more secure. High-quality reports that include proof of concept,...

Automatic SQL injection and database takeover tool: sqlmap

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lastin...

Extending fuzzing with Burp by FAST

I love Burp Suite, like really. It’s the most convenient tool to visualize what’s happening with apps, what requests look like and to test simple things like XSS injection. At the same time, it’s really hard for me to do something more complicated, like implementing custom fuzzing with having to...

Extending fuzzing with Burp by FAST

I love Burp Suite, like really. It’s the most convenient tool to visualize what’s happening with apps, what requests look like and to test simple things like XSS injection. At the same time, it’s really hard for me to do something more complicated, like implementing custom fuzzing with having to...

The AWS Exploitation Framework: Pacu

Pacu is an open source AWS exploitation framework, designed for offensive security testing against cloud environments. Created and maintained by Rhino Security Labs, Pacu allows penetration testers to exploit configuration flaws within an AWS account, using modules to easily expand its...

The Windows VBScript Engine RCE vulnerability of CVE-2018-8174 analysis and use-vulnerability and early warning-the black bar safety net

A, vulnerability introduction The VBScript Engine handles objects in memory there is a remote code execution vulnerability. The vulnerability could an attacker can in the current context of the user in the execution of arbitrary code in the way to spoil the memory. Successful exploitation of this...

Parrot Security 4.3 - Security GNU/Linux Distribution Designed with Cloud Pentesting and IoT Security in Mind

Parrot 4.3 is now available for download. This release provides security and stability updates and is the starting point for the plan to develop an LTS edition of Parrot. Linux 4.18 Linux was updated to the 4.18.10 version, and linux 4.19 will be released soon. Firefox 63 Firefox 63 provides...

Jelastic 5.4 - host SQL Injection

Jelastic 5.4 - host SQL Injection Exploit Title: Jelastic 5.4 - 'host' SQL injection Google Dork: N/A Date: date Exploit Author: Procode701 Vendor Homepage: https://jelastic.com/ Software Link: https://jelastic.com/ Version: 5.4 Tested on: Kali Linux CVE : N/A POC: The application...

Kali Linux 2018.4 Release - Penetration Testing and Ethical Hacking Linux Distribution

Welcome to our fourth and final release of 2018, Kali Linux 2018.4, which is available for immediate download. This release brings kernel up to version 4.18.10, fixes numerous bugs, includes many updated packages, and a very experimental 64-bit Raspberry Pi 3 image. New Tools and Tool Upgrades...

DarkSpiritz v2.0 - A Penetration Testing Framework For Linux, MacOS, And Windows Systems

A penetration testing framework for Linux and Windows systems. What is DarkSpiritz? Created by the SynTel Team it was a project of one of the owners to update and clean-up an older pentesting framework he had created to something updated and modern. DarkSpiritz is a re-vamp of the very popular...