Search the Community
Showing results for tags 'lfi'.
-
[Hidden Content]
-
Agartha is a penetration testing tool which creates dynamic payload lists and user access matrix to reveal injection flaws and authentication/authorization issues. There are many different attack payloads exists, but Agartha creates run-time, systematic and vendor-neutral payloads with many different possibilities and bypassing methods. It also draws attention to user session and URL relationships, which makes easy to find user access violations. And additionally, it converts Http requests to JavaScript to help digging up XSS issues. In summary: Payload Generator: It creates payloads/wordlists for different attacks. Directory Traversal/Local File Inclusion: It creates file dictionary lists with various encoding and escaping characters. Remote Code Execution: It creates command dictionary lists for both unix and windows environments with different combinations. SQL Injection: It creates Batched Queries, Boolean-Based, Union-Based and Time-Based SQLi wordlist for various databases to help finding vulnerable spots. Authorization Matrix: It creates an access role matrix based on user sessions and URL lists to determine authorization/authentication related access violation issues. And Http Request to JavaScript Converter: It converts Http requests to JavaScript code to be useful for further XSS exploitation and more. [hide][Hidden Content]]
-
BurpParamFlagger A Burp extension adding a passive scan check to flag parameters whose name or value may indicate a possible insertion point for SSRF or LFI. Note: I believe that Burp Pro is required to use this extension since it adds to the scanner functionality, which isn’t included in the Community version. [hide][Hidden Content]]
-
- 1
-
- burpparamflagger:
- indicate
- (and 6 more)
-
Exploits Joomla Fabrik 3.9 CSRF / LFI / Shell Upload
1337day-Exploits posted a topic in Updated Exploits
Joomla Fabrik component version 3.9 suffers from cross site request forgery, local file inclusion, and remote shell upload vulnerabilities. View the full article -
LibreHealth version 2.0.0 suffers from arbitrary file read, file delete, and local file inclusion vulnerabilities. View the full article
-
- librehealth
- 2.0.0
- (and 4 more)