Code Injection

WebARX is a web application firewall where you can protect your website from malicious attacks. As you can see it was mentioned in TheHackerNews as well and has good ratings if you do some Googling…

Recently i discovered a semi responded SSRF on Vimeo with code execution possibility. This blog post explains how i found & exploited it…

Next.js is a quite popular (>13k stars on GitHub) framework for server-rendered React applications. It includes a NodeJS server which allows to render HTML pages dynamically. While digging into…

▶ Enter the awesome iMyFone Halloween giveaway contest and get your iPhone 11 for FREE at this link*: http://bit.ly/2BKlKJI In this video, we're discussing @...

A detailed paper on Jenkins Pre-Auth RCE . Contribute to SpiderMate/Paper-on-Jenkins-Rce development by creating an account on GitHub.

Tests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline. - GitHub - TheHackerDev/race-the-web: Tests for race conditions in web app...

In previous posts we saw two techniques to bypass firewalls through custom stagers to locate and reuse the connection socket; on the one ha...

Sooty is a tool developed with the task of aiding a SOC analyst to automate parts of their workflow and speed up their process.

Bypass XSS filter methodologies, techniques, tips. Cross Site Scripting (XSS) is a Web application attack in the data output to the page

Overview In the real world, while I was pentesting a financial institute I came across a scenario where they had an internal intranet and it was using MySQL 5.7 64-bit as the backend database techn…

Firefox mXSS <img id="<img src=1 onerror=alert(1)>"> based on @SecurityMB's work. Is triggered when you use something like template to read the innerHTML.

Intro

A simple SSRF-testing sheriff written in Go. Contribute to teknogeek/ssrf-sheriff development by creating an account on GitHub.