Welcome to The Forum

Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to

existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile

and so much more. This message will be removed once you have signed in.

Active Hackers

The best community of active hackers. This community has been working in hacking for more than 10 years.

 

Hacker Forum

Hacker from all countries join this community to share their knowledge and their hacking tools

    Hacking Tools

    You can find thousands of tools shared by hackers. RAT's, Bot's, Crypters FUD, Stealers, Binders, Ransomware, Mallware, Virus, Cracked Accounts, Configs, Guides, Videos and many other things.

      PRIV8

      Become a Priv8 user and access all parts of the forum without restrictions and without limit of download. It only costs 100 dollars, and it will last you for a lifetime.

      Read Rules

      In this community we follow and respect rules, and they are the same for everyone, regardless of the user's rank. Read the rules well not to be prohibited.

      Sign in to follow this  
      1337day-Exploits

      Microsoft Baseline Security Analyzer 2.3 XML Injection

      Recommended Posts

      Guest
      This topic is now closed to further replies.
      Sign in to follow this  

      • Similar Content

        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. Hide My WP is the number one security plugin for WordPress. It hides your WordPress from attackers, spammers and theme detectors. Over 26,000 satisfied customers use Hide My WP. It also hides your wp login URL and renames admin URL. It detects and blocks XSS, SQL Injection type of security attacks on your WordPress website.
          Hidden Content
          Give reaction to this post to see the hidden content.

          Hidden Content
          Give reaction to this post to see the hidden content.
        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. HawkScan
          Security Tool for Reconnaissance and Information Gathering on a website. (python 2.x & 3.x)
          This script uses “WafW00f” to detect the WAF in the first step.
          This script uses “Sublist3r” to scan subdomains.
          This script uses “waybacktool” to check in waybackmachine.
          Features
               URL fuzzing and dir/file detection
               Test backup/old file on all the files found (index.php.bak, index.php~ …)
               Check header information
               Check DNS information
               Check whois information
               User-agent random or personal
               Extract files
               Keep a trace of the scan
               Check @mail in the website and check if @mails leaked
               CMS detection + version and vulns
               Subdomain Checker
              Backup system (if the script stopped, it take again in the same place)
               WAF detection
               Add personal prefix
              Auto-update script
               Auto or personal output of scan (scan.txt)
               Check Github
              Recursive dir/file
              Scan with an authentication cookie
               Option –profil to pass profil page during the scan
               HTML report
               Work it with py2 and py3
              Add option rate-limit if the app is unstable (–timesleep)
              Check-in waybackmachine
               Response error to WAF
              Check if DataBase firebaseio exist and accessible
              Automatic threads depending on the response to a website (and reconfig if WAF detected too many times). Max: 30
               Search S3 buckets in source code page
               Testing bypass of waf if detected
               Testing if it’s possible scanning with “localhost” host
          Changelog v1.6.7
              Add: Option –auth for HTTP authentification. Exemple –auth admin:admin
              Fixed: Bugs

          Hidden Content
          Give reaction to this post to see the hidden content.
        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. Learn to use C#'s powerful set of core libraries to automate tedious yet important tasks like performing vulnerability scans, malware analysis, and incident response. With some help from Mono, you can write your own practical security tools that will run on Mac, Linux, and even mobile devices.
          Hidden Content
          Give reaction to this post to see the hidden content.

          Hidden Content
          Give reaction to this post to see the hidden content.
        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. jSQL Injection is a lightweight application used to find database information from a distant server. It is free, open-source, and cross-platform (Windows, Linux, Mac OS X).
          It is also part of the official penetration testing distribution Kali Linux and is included in other distributions like Pentest Box, Parrot Security OS, ArchStrike, or BlackArch Linux.
          This software is developed using great open-source libraries like Spring, Spock, and Hibernate, and it uses the platform Travis CI for continuous integration.
          Each program update is tested with Java version 8 through 13 in the cloud, against various MySQL, PostgreSQL, and H2 databases. Source code is open to pull requests and to any contribution on multi-threading, devops, unit and integration tests, and optimization.
          Features
              Automatic injection of 23 kinds of databases: Access, CockroachDB, CUBRID, DB2, Derby, Firebird, H2, Hana, HSQLDB, Informix, Ingres, MaxDB, Mckoi, MySQL{MariaDb}, Neo4j, NuoDB, Oracle, PostgreSQL, SQLite, SQL Server, Sybase, Teradata and Vertica
              Multiple injection strategies: Normal, Error, Blind and Time
              SQL Engine to study and optimize SQL expressions
              Injection of multiple targets
              Search for administration pages
              Creation and visualization of Web shell and SQL shell
              Read and write files on the host using injection
              Bruteforce of password’s hash
              Code and decode a string
          Changelog jSQL Injection v0.83
              Various new preferences like thread control, User-agent, Zip, and Dios modes
              Add 11 database engines: a total of 34 engines
              Multi modules for continuous integration
              Fingerprint, stability, and more

          Hidden Content
          Give reaction to this post to see the hidden content.
        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. Carnivore – Microsoft External Attack Tool
          Overview: Carnivore is an assessment tool for Skype for Business, Exchange, ADFS, and RDWeb servers as well as some O365 functionality. Carnivore includes some new post-authentication Skype for Business functionality.
          In general, the tabs will unlock in-line with what functionality you can use. Ie – the post auth options will unlock after you have discovered valid credentials.
          Feature
          Subdomain Enumeration
          Username Enumeration
          Smart Enumeration
          9 lists of statistically likely usernames
          Automatically selects likely format
          Legacy vs Modern Format
          Password Spraying
          Discovered Format
          Pre-built lists
          Post Compromise

          Hidden Content
          Give reaction to this post to see the hidden content.