Exchange2010 authorized RCE. Contribute to Airboi/CVE-2020-17144-EXP development by creating an account on GitHub.

Abstract PDF documents and PDF generators are ubiquitous on the web, and so are injection vulnerabilities. Did you know that controlling a measly HTTP hyperlink can provide a foothold into the inner w

Playground. Contribute to RenwaX23/X development by creating an account on GitHub.

It has been quite a year, I hope everyone is well and staying safe. This is my first and probably only post for the year, and covers a fun privilege escalation vulnerability I found in Postgresql. This affects all supported versions of Postgresql going back…

Android unpacker powered by #Frida working on all the #Android OS versions (Android 4-11). Defeat Java #packers via #Frida instrumentation 📱🛠️github.com/enovella/fridr… //c @fridadotre

Small #SSTI trick: Blind Template Injection with handling of some sandbox escapes. Payload in the workshop below. #dns #freemarker #pentest #BurpSuite Based on work from @olekmirosh and @pwntester https://t.co/H1YxMeD4o1

A tool that implements the Golden SAML attack. Contribute to cyberark/shimit development by creating an account on GitHub.

Keybase client allowed inject arbitrary links with arbitrary protocols. This caused a Remote Command Execution on Windows and MacOS.

Some time last year, I came across a Burp extension on Github that replicates the Invoke Applications functionality from OWASP ZAP in Burp....

, or why being too quick can lead to a false positive

Learn how to use Frida for Android penetration testing, including hooking, injecting, and analyzing Android apps for security vulnerabilities.