Jump to content
YOUR-AD-HERE
HOSTING
TOOLS
SERVICE

Search the Community

Showing results for tags 'csrf'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Staff Control
    • Staff Announcements
  • General doubts | News
    • General doubts
    • News
  • Hacking | Remote Administration | Bugs & Exploits
    • Hacking
    • Remote Administration
    • Bugs & Exploits
  • Programming | Web | SEO | Prefabricated applications
    • General Programming
    • Web Programming
    • Prefabricated Applications
    • SEO
  • Pentesting Zone
    • Pentesting Accounts
    • Reverse Engineering
  • Security & Anonymity
    • Security
    • Wireless Security
    • Web Security
    • Anonymity
  • Operating Systems | Hardware | Programs
    • Operating systems
    • Hardware
    • PC programs
    • iOS
    • Android
  • Graphic Design
    • Graphic Design
  • vBCms Comments
  • live stream tv
    • live stream tv
  • Marketplace
    • Sell
    • Services
    • Request
  • Pentesting Premium
    • Pentesting Accounts
  • Modders Section
    • Source Codes
    • Manuals | Videos
    • Tools
    • Others
  • PRIV8-Section
    • Exploits
    • Accounts|Dumps
    • Crypter|Binder|Bots
    • Tutorials|Videos
    • Cracked Tools
    • Make Money
    • More Tools
    • Databeses
    • Ebooks
  • Pentesting Zone PRIV8
    • Pentesting Accounts
    • Reverse Engineering
    • Cracker Preview Area
  • Carding Zone PRIV8
    • Carding
    • Phishing
    • Defacing
    • Doxing
    • Special User Premium Preview Area
  • Recycle Bin
    • Recycle
  • Null3D's Nulled Group

Product Groups

  • PRIV8
  • Advertising
  • Access Basic
  • Seller
  • Services

Categories

  • Files
  • Online Book
  • Services

Categories

  • Hacking

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


About Me

  1. [Hidden Content]
  2. LazyCSRF LazyCSRF is a more useful CSRF PoC generator that runs on Burp Suite. Motivation Burp Suite is an intercepting HTTP Proxy, and it is the defacto tool for performing web application security testing. The feature of Burp Suite that I like the most is Generate CSRF PoC. However, it does not support JSON parameters. It also uses the <form>, so it cannot send PUT/DELETE requests. In addition, multibyte characters that can be displayed in Burp Suite itself are often garbled in the generated CSRF PoC. Those were the motivations for creating LazyCSRF. Features Support JSON parameter (like a request to the API) Support PUT/DELETE (only work with CORS enabled with an unrestrictive policy) Support displaying multibyte characters (like Japanese) Generating CSRF PoC with Burp Suite Community Edition (of course, it also works in Professional Edition) The difference in the display of multibyte characters The following image shows the difference in the display of multibyte characters between Burp’s CSRF PoC generator and LazyCSRF. LazyCSRF can generate PoC for CSRF without garbling multibyte characters. This is only the case if the characters are not garbled on Burp Suite. [hide][Hidden Content]]
  3. XSRF Probe XSRF Probe is an advanced Cross Site Request Forgery Audit Toolkit equipped with Powerful Crawling and Intelligent Token Generation Capabilities. Some Features: Performs several types of checks before declaring an endpoint as vulnerable. Can detect several types of Anti-CSRF tokens in POST requests. Works with a powerful crawler which features continuous crawling and scanning. Out of the box support for custom cookie values and generic headers. Accurate Token-Strength Detection and Analysis using various algorithms. Can generate both normal as well as maliciously exploitable CSRF proof of concepts. Well documented code and highly generalised automated workflow. The user is in control of everything whatever the scanner does. Has a user-friendly interaction environment with full verbose support. Detailed logging system of errors, vulnerabilities, tokens and other stuffs. The Workflow: The typical workflow of this scanner is :- Spiders the target website to find all pages. Finds all types of forms present on the each page. Hunts out hidden as well as visible parameter values. Submits each form with normal tokens & parameter values. Generates random token strings and sets parameter values. Submits each form with the crafted tokens. Finds out if the tokens are sufficiently protected. Generates custom proof of concepts after each successful bug hunt. Changelog v2.1 Some significant changes in this version: XSRFProbe now available as a package (aka can be installed via pip). Added full support of cookies while making requests. Fixed form-type bugs and added email type checks. Tweaked some modules for accuracy in CSRF detections. Major bug fixes removing support for build_opener libraries. Huge code optimizations (cleaning and stuff). [HIDE][Hidden Content]]
  4. WiKID Systems 2FA Enterprise Server version 4.2.0-b2032 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities. View the full article
  5. ASUS RT-N10+ with firmware version 2.0.3.4 suffers from cross site request forgery and cross site scripting vulnerabilities that can assist with achieving command execution. View the full article
  6. Veralite and Veraedge routers / smart home controllers suffer from command injection, cross site request forgery, cross site scripting, code execution, directory traversal, and various other vulnerabilities. View the full article
  7. Securifi Almond 2015 suffers from buffer overflow, command injection, cross site scripting, cross site request forgery, and various other vulnerabilities. View the full article
  8. Dlink DCS-1130 suffers from command injection, cross site request forgery, stack overflow, and various other vulnerabilities. View the full article
  9. phpKF version 1.10 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities. View the full article
  10. Horde Webmail version 5.2.22 suffers from code execution, cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities. View the full article
  11. WordPress Contact Form Builder plugin version 1.0.67 suffers from cross site request forgery and local file inclusion vulnerabilities. View the full article
  12. Lupusec XT2 Plus Main Panel with firmware 0l0.2.19E suffers from shared private keys for SSL certificates, root passwords derived from the MAC address, information disclosure, and cross site request forgery vulnerabilities. View the full article
  13. WordPress version 5.0.4 with FormCraft plugin version 2.0 suffers from a cross site request forgery vulnerability that can be leveraged to perform a shell upload. View the full article
  14. OrientDB version 3.0.17 GA Community Edition suffers from cross site request forgery and cross site scripting vulnerabilities. View the full article
  15. WordPress WP-DreamworkGallery plugin version 2.3 suffers from cross site request forgery and remote shell upload vulnerabilities. View the full article
  16. Joomla ModPPCSimpleSpotLight module versions 1.2 and 3.0 suffer from cross site request forgery and remote shell upload vulnerabilities. View the full article
  17. WordPress Village theme version 5.0 suffers from cross site request forgery, backdoor access, and remote SQL injection vulnerabilities. View the full article
  18. Joomla AdsManager component version 3.2.0 suffers from cross site request forgery, database disclosure, remote file inclusion, and remote SQL injection vulnerabilities. View the full article
  19. WordPress Contact Form Email plugin version 1.2.65 suffers from cross site request forgery and cross site scripting vulnerabilities. View the full article
  20. PDF Signer version 3.0 suffers from a server-side template injection vulnerability that can help lead to remote command execution due to improper cookie handling and cross site request forgery issues. View the full article
  21. WordPress category-page-icons plugin version 3.6.1 suffers from cross site request forgery and remote shell upload vulnerabilities. View the full article
  22. Leica Geosystems GR10/GR25/GR30/GR50 GNSS version 4.30.063 suffers from a cross site request forgery vulnerability. View the full article
  23. Ox App Suite versions 7.8.4 and 7.8.3 suffer from cross site scripting, cross site request forgery, and information disclosure vulnerabilities. View the full article
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.