-
Hi! I found an issue in remark42 engine.
When the "title" field is missing in a comment request and an attacker sends a malicious URL that is part of the locator struct in a POST request to `/api/v1/comment?si…
-
[link]https://github.com/PortSwigger/sqlmap-dns-collaborator[/link]
[tags]sqli,sqlmap,burpsuite,dns[/tags]
[short_descr]Lets you use Burp Collaborator as a DNS server for exfiltrating data via Sqlmap.…
-
[link]https://github.com/PortSwigger/collaborator-everywhere[/link]
[tags]burpsuite,backend[/tags]
[short_descr]Burp Suite extension which injects non-invasive headers to reveal backend systems.[/shor…
-
[link]https://github.com/PortSwigger/httpoxy-scanner[/link]
[tags]HTTPoxy,burpsuite,vulnerabilities,scanner[/tags]
[short_descr]A Burp Suite extension that checks for the HTTPoxy vulnerability.[/short…
-
[homepage]https://github.com/jonaslejon/malicious-pdf[/homepage]
[link]https://github.com/jonaslejon/malicious-pdf[/link]
[tags]bypass,pdf,backdoor[/tags]
[short_descr]💀 Generate a bunch of mali…
-
[link]https://github.com/knassar702/lorsrf[/link]
[short_descr]Fast CLI tool to find the parameters that can be used to find SSRF or Out-of-band resource load.[/short_descr]
[tags]ssrf,oob[/tags]
[…
-
I believe I have found a zero day which allows an attacker to read files on the server by uploading an XML file in the following:
Configurations -> Languages -> Edit Language -> Import Resources -> …
-
[homepage]https://github.com/jonaslejon/malicious-pdf[/homepage]
[tags]all,malicious,pdf[/tags]
[short_descr]Generates a bunch of malicious pdf files with phone-home functionality.[/short_desc…
-
[link]https://github.com/PortSwigger/upload-scanner[/link]
[tags]burpsuite,vulnerabilities,fileupload,scanner[/tags]
[short_descr]HTTP file upload scanner for Burp Proxy.[/short_descr]
[long_descr]Whi…