9 matches found
erebus
EREBUS Web application security assessment framework. For...
xss
CSS Style Sheet Mutation alert"This is a test" alert"...
RedTrace
RedTrace v3.0 — Web Vulnerability Scanner Professional-grad...
Exploit for Deserialization of Untrusted Data in Facebook React
Chain Reaction High-Performance Rust Scanner for React Serv...
Server-Side Request Forgery (SSRF)
Astro is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to insecure and unsanitized use of the x-forwarded-proto and x-forwarded-port headers when constructing URLs, which allows an attacker to manipulate these headers to bypass protected routes, poison caches, trigger...
SMTP2GO BBP: Origin IP found, WAF Cloudflare Bypass
Description: I have discovered that the http://172.105.190.180/login/ site exposed it's IP which could allow bypassing of anti-DDoS mechanisms i.e you are using Cloudflare for protection. For Originate IP address which I found from https://search.censys.io/ By using these IP address as a resolver...
Stopping Active Attacks with Penalty Box
A web application firewall WAF is most often used by organizations for external security controls to detect and block individual attack attempts against target web application assets. Open Web Application Security Project OWASP risk rating methodology Unfortunately, today's sophisticated web...
FAST or Burp or both?
By @aLLy , Wallarm Research Hello guys, time to talk details about Wallarm FAST Framework for Application Security Testing. It’s a new automatic web vulnerability scanning and fuzzing detection tool by Wallarm Inc. It is well suited for security researchers in enterprise Red Teams as well as for...
cmseasy 最新版SQLl注入(第八次绕WAF)
简要描述: 继续绕啊绕啊 详细说明: cmseasy 终于更新了 看了下对比文件,那修复无法吐槽 function LiveMessage$a global $db; $sessionid = $SESSION'sessionid'; $name = addslasheshtmlspecialchars$a'name'; $email = addslasheshtmlspecialchars$a'email'; $country = htmlspecialchars$a'country'; $phone = htmlspecialchars$a'phone'; $departmentid...