Locked xcat v1.0.5 - exploit and investigate blind XPath injection

By itsMe
March 27, 2020 in Pentesting

Followers 0

Start new topic

Recommended Posts

itsMe

Posted March 27, 2020

- Share

Posted March 27, 2020

This is the hidden content, please

XCat is a command line tool to exploit and investigate blind XPath injection vulnerabilities.

For a complete reference read the documentation here:

This is the hidden content, please

It supports an large number of features:

Auto-selects injections (run xcat injections for a list)

Detects the version and capabilities of the xpath parser and selects the fastest method of retrieval

    Built in out-of-bound HTTP server
        Automates XXE attacks
        Can use OOB HTTP requests to drastically speed up retrieval

Custom request headers and body

    Built in REPL shell, supporting:
        Reading arbitrary files
        Reading environment variables
        Listing directories
        Uploading/downloading files (soon TM)

    Optimized retrieval
        Uses binary search over unicode codepoints if available
        Fallbacks include searching for common characters previously retrieved first
        Normalizes unicode to reduce the search space

This is the hidden content, please

Link to comment

Share on other sites

This topic is now closed to further replies.

Followers 0

Go to topic listing

Similar Content
- exploit AuthMeBridge Exploit
  
  By ~~tify~~ , May 15, 2023
  - minecraft
  - authmebridge exploit
  - (and 4 more)
    
    Tagged with:
    
    minecraft
    
    authmebridge exploit
    
    authmebridge
    
    minecraft exploits
    
    minecraft exploit
    
    exploits
  - 0 replies
  - 359 views
- OpenAI Davinci v1.7 - AI Writing Assistant and Content Creator as SaaS - Nulled
  
  By itsMe, April 28, 2023
  - nulled
  - saas
  - (and 8 more)
    
    Tagged with:
    
    nulled
    
    saas
    
    creator
    
    content
    
    and
    
    assistant
    
    writing
    
    v1.7
    
    davinci
    
    openai
  - 0 replies
  - 444 views
- TweakNow WinSecret Plus! for Windows 11 and 10 4.6.0
  
  By itsMe, April 27, 2023
  - tweaknow
  - winsecret
  - (and 5 more)
    
    Tagged with:
    
    tweaknow
    
    winsecret
    
    plus!
    
    for
    
    windows
    
    and
    
    4.6.0
  - 0 replies
  - 281 views
- Ai2Pen v2.7 – AI Writing Assistant and Content Generator (SaaS Platform) - Nulled
  
  By itsMe, April 27, 2023
  - (saas
  - platform)
  - (and 8 more)
    
    Tagged with:
    
    (saas
    
    platform)
    
    nulled
    
    generator
    
    content
    
    and
    
    assistant
    
    writing
    
    v2.7
    
    ai2pen
  - 0 replies
  - 432 views
- x1 Sling Orange and Sling Blue, Sports Extras, World Cricket Mini
  
  By itsMe, April 25, 2023
  - sling
  - orange
  - (and 7 more)
    
    Tagged with:
    
    sling
    
    orange
    
    and
    
    blue,
    
    sports
    
    extras,
    
    world
    
    cricket
    
    mini
  - 0 replies
  - 166 views

Sign In

Locked xcat v1.0.5 - exploit and investigate blind XPath injection

Recommended Posts

itsMe

Link to comment

Share on other sites

Similar Content

exploit AuthMeBridge Exploit

OpenAI Davinci v1.7 - AI Writing Assistant and Content Creator as SaaS - Nulled

TweakNow WinSecret Plus! for Windows 11 and 10 4.6.0

Ai2Pen v2.7 – AI Writing Assistant and Content Generator (SaaS Platform) - Nulled

x1 Sling Orange and Sling Blue, Sports Extras, World Cricket Mini

Browse

Activity

Store

Important Information