Showing results for tags 'request'.
-
Based on the amazing research by James Kettle. The tool can help to find servers that may be vulnerable to request smuggling.
-
I would like to request the forum's best people to crack this RAT for the community. Pekka RAT is a copy of Cypher Rat with all advanced Android RAT features. Got this file from a user of Pekka Rat. File is given below. Picture Password: PekkaRat.com [Hidden Content]
-
http2smugl: This tool helps to detect and exploit HTTP request smuggling in cases where it can be achieved via HTTP/2 -> HTTP/1.1 conversion by the frontend server.
-
ssrf-king
SSRF plugin for Burp that automates SSRF detection in all of the requests.

Upcoming Features Checklist
✔️ It will soon have a user interface to specify your own call back payload
It will soon be able to test JSON & XML

Features
✔️ Test all of the requests for any external interactions.
✔️ Checks to see if any interactions are not the user’s IP; if it is, it’s an open redirect.
✔️ Alerts the user for any external interactions with information such as: Endpoint Vulnerable Host Location Found
It also performs the following tests based on this research.

Scanning Options
✔️ Supports Both Passive & Active Scanning.

Example
Load the website you want to test.
Load the plugin.
Keep note of the Burp Collab Payload.
Passively crawl the page, ssrf-king test everything in the request on the fly.

SSRF Detection
When it finds a vulnerability it logs the information and adds an alert. From here onwards you would fuzz the parameter to test for SSRF.

SSRF-King v1.12
I have released v1.12 that has a small UI Design where you can specify your own call-back payload.
Changes: Implemented checkbox for http:// and https://. Plugin now uses JDK 14 code compliance 9 which should work with all versions, let me know if it doesn't.
Bug fixes: Fixed parameter testing. When it reported a X-Forwarded-Host it came up as X-Forwarded-For. The test cases for the following are now fixed and work.
-
Hi guys, want unique Android RAT to access Android smartphone. I want send batch file like PDF, picture, doc binded with server. I want see what she did & what she call, camera, sound, etc., including spread if possible. Payment: BTC
-
As title says, I request Walmart USA checker/config with capture (CC, balance, giftcard etc...)
-
I think remove the view this by giving reaction is better, because there I prefer to give like, thanks reaction purely because I respect the post maker, plus please add specific thread for reporting site bug or request feature, sorry I am not good in English but I hope admin understand what I meant.
-
Exploits Bolt CMS 3.6.10 Cross Site Request Forgery
1337day-Exploits posted a topic in Updated Exploits
Bolt CMS version 3.6.10 suffers from a cross site request forgery vulnerability.
-
Exploits LayerBB 1.1.3 Cross Site Request Forgery
1337day-Exploits posted a topic in Updated Exploits
LayerBB version 1.1.3 suffers from a cross site request forgery vulnerability.
-
phpMyAdmin version 4.9.0.1 suffers from a cross site request forgery vulnerability.
-
Exploits Enigma NMS 65.0.0 Cross Site Request Forgery
1337day-Exploits posted a topic in Updated Exploits
Enigma NMS version 65.0.0 suffers from a cross site request forgery vulnerability.
-
This is an extension for Burp Suite designed to help you launch [Hidden Content] attacks, originally created during [Hidden Content] research. It supports scanning for Request Smuggling vulnerabilities, and also aids exploitation by handling cumbersome offset-tweaking for you.

Install
The easiest way to install this is in Burp Suite, via Extender -> BApp Store. If you prefer to load the jar manually, in Burp Suite (community or pro), use Extender -> Extensions -> Add to load build/libs/http-request-smuggler-all.jar

Compile
[Hidden Content] is a dependency of this project, add it to the root of this source tree as turbo-intruder-all.jar
Build with gradle fatJar

Use
Right click on a request and click 'Launch Desync probe', then watch the extension's output pane under Extender->Extensions->HTTP Request Smuggler
If you're using Burp Pro, any findings will also be reported as scan issues.
For more advanced use watch the [Hidden Content]

Practice
We've released [Hidden Content]
-
Exploits Django CRM 0.2.1 Cross Site Request Forgery
1337day-Exploits posted a topic in Updated Exploits
Django CRM version 0.2.1 suffers from multiple cross site request forgery vulnerabilities.
-
openITCOCKPIT version 3.6.1-2 suffers from a cross site request forgery vulnerability.