what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

Web2py 2.14.5 CSRF / XSS / Local File Inclusion
Posted May 16, 2016
Authored by Nahendra Bhati

Web2py version 2.14.5 suffers from cross site request forgery, cross site scripting, and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion, csrf
advisories | CVE-2016-4806, CVE-2016-4807, CVE-2016-4808
SHA-256 | 967983318fc0a206d3dfe9b11f666c89eaa24b3941dd90b7f0560b57b3f2d15a

Related Files

Web Application Reconnaissance And Mapping
Posted Mar 5, 2021
Authored by Rishabh Vats

This is a brief whitepaper that goes over some tooling that can be of assistance while performing reconnaissance against a web application prior to attack.

tags | paper, web
SHA-256 | efa89877156455ecbe4998579276a2b7f88564aac2a446ce3a8fdb5d7a98c52c
Ubuntu Security Notice USN-4030-1
Posted Jun 24, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4030-1 - It was discovered that web2py does not properly check denied hosts before verifying passwords. An attacker could possibly use this issue to perform brute-force attacks. It was discovered that web2py allows remote attackers to obtain environment variable values. An attacker could possibly use this issue to gain administrative access. It was discovered that web2py uses a hardcoded encryption key. An attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-10321, CVE-2016-3952, CVE-2016-3957
SHA-256 | a99087702bd4f64f9a186902fa43b09a473e58c2c4153bcd31bfc5a32d36a29e
Web Application Firewall Bypass Methods
Posted May 24, 2019
Authored by Samet ARATOGLU

Whitepaper called Web Application Firewall Bypass Methods. Written In Turkish.

tags | paper, web, bypass
SHA-256 | de3d6eb771b386a81807a989fe41fcd824480b3c78ac572e1d065e0f3b1e087a
Web Forensics
Posted May 10, 2018
Authored by ManhNho

Whitepaper called Web Forensics. Written in Vietnamese.

tags | paper, web
SHA-256 | 4313be75e482f4607ff1312eb8161fb803455180ad9c28771c972fa0be31b9e5
Web Application Penetration Testing
Posted Mar 20, 2018
Authored by Manh Pham Tien

This is a whitepaper that goes over methodologies for web application penetration testing. It is very thorough with examples and overviews.

tags | paper, web
SHA-256 | 5f258ff9e75dba499306df2a06fa89e9eebcc2fd3b3ee0b82a6a2a06f26b66fd
web2Project 3.3 Cross Site Scripting
Posted Nov 6, 2017
Authored by M.R.S.L.Y

web2Project version 3.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 4e6061f7049db3f6ee28110d571a346a4c51cc5a2b74c0aa52213cf848a52f78
Web Application Penetration Testing Techniques
Posted Jun 15, 2017
Authored by Ahmed Al Mutairi

This is a brief whitepaper written in Arabic that gives some examples of tools that can be used to hack systems.

tags | paper
SHA-256 | 2ae93e8c7e8325d75e32afcbb5a09b54616818e152807f8540adb0a73c0988b2
Web Application Security And Secure Coding 101
Posted Sep 26, 2016
Authored by Oguzhan Karaaslan

Whitepaper called Web Application Security and Secure Coding 101. Written in Turkish.

tags | paper, web
SHA-256 | 4617d9595435cd82f54a38fe3348dd6f44d8b8970663a5f7568e57d4c3deb47b
web2Project 3.1 SQL Injection
Posted Jun 18, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

web2Project version 3.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2014-3119
SHA-256 | 6563ec017097f58cee38cd13098192c9c9cc78f8142068a0465b826f646289e2
WebBoard CMS Cross Site Scripting
Posted May 28, 2014
Authored by IeDb

WebBoard CMS suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | b29c1580f47d8601f307bc2caa6aecf04ecec822a34b0158d188ae66779fdd6d
Web Soul 2 Scanner
Posted Jun 17, 2013
Authored by Am!r | Site irist.ir

Web Soul is a plugin based scanner for attacking and data mining web sites. Written in Perl.

tags | tool, web, scanner, perl
systems | unix
SHA-256 | ca415409ae86c574f541ca482e698ed751209791460f27cc6c8ca5dd4207e578
Web Malware Collection
Posted Sep 30, 2012
Authored by infodox

This archive contains web malware recovered from honeypots and other places. It includes various backdoors, bots, exploits, and more. Please note that many of the files ARE backdoored so you should exercise extreme caution and analyze them before any execution.

tags | tool, web, rootkit
systems | unix
SHA-256 | b5640ce9c2b5fa07e026765766d34a8d841fe1a2e49b829ad5ddb72b3996a63b
WEBBISH SQL Injection
Posted Sep 21, 2012
Authored by Net.W0lf, Hack Center Security Team

WEBBISH suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
SHA-256 | b247ed0000e09e28e57cfd297523dbdb3511ff7ce8f9462f31f26a032b74f6e7
Web Biz India SQL Injection
Posted Sep 14, 2012
Authored by Net.W0lf, Hack Center Security Team

Web Biz India suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, web, sql injection
SHA-256 | 4c8b887299c6bb74d5f1c320fa89562c99f21650029fb5407ef1a7bfbf936e82
Web@All CMS 2.0 Shell Upload / Local File Inclusion
Posted Sep 6, 2012
Authored by KedAns-Dz

Web@All CMS version 2.0 suffers from remote shell upload and local file inclusion vulnerabilities.

tags | exploit, remote, web, shell, local, vulnerability, file inclusion
SHA-256 | 89fe4d72c6e0633b4f99cb3605416a0313e9dc5ff6be7db1ec4dabe98a5e2d72
WebActive CMS Cross Site Scripting
Posted Sep 5, 2012
Authored by Crim3R

WebActive CMS suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.

tags | exploit, xss
SHA-256 | 06ca5537ec176b55226bb1154d665486d19cd96b2f84831e8364e0d25770fb28
Web@All 2.0 Cross Site Request Forgery / Cross Site Scripting
Posted Jun 21, 2012
Authored by High-Tech Bridge SA | Site htbridge.com

Web@All version 2.0 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, web, vulnerability, xss, csrf
advisories | CVE-2012-3231, CVE-2012-3232
SHA-256 | d25d5ad1ddb1de7212645fc16e7b47dc50410239fbb34e4de53c1aac5b358024
Web Application Security 101
Posted Jun 14, 2012
Authored by Mehmet Ince

This is a brief whitepaper that discusses various types of vulnerabilities found in web applications. It is written in Turkish.

tags | paper, web, vulnerability
SHA-256 | 8446334b51d3002cf9d002cb56e09e3d69279e97044d49eee38394c89659e221
WeBaCoo (Web Backdoor Cookie) 0.2.3
Posted Mar 13, 2012
Authored by Anestis Bechtsoudis | Site github.com

WeBaCoo (Web Backdoor Cookie) is a web backdoor script-kit, aiming to provide a stealth terminal-like connection over HTTP between client and web server. It is a post exploitation tool capable to maintain access to a compromised web server. WeBaCoo was designed to operate under the radar of modern up-to-dated AV, NIDS, IPS, Network Firewalls and Application Firewalls, proving a stealth mechanism to execute system commands to the compromised server. The obfuscated communication is accomplished using HTTP header's Cookie fields under valid client HTTP requests and relative web server's responses.

Changes: Single command execution mode. Multi HTTP methods support. Download / Stealth extension modules. Various other updates.
tags | tool, web, rootkit
systems | linux, unix
SHA-256 | 087283a5e4ae66b6ac53dccfd5878fe22ca5d12bcebb302675d4406e23575560
Advantech/Broadwin HMI/SCADA RPC Remote Code Execution
Posted Feb 6, 2012
Authored by Z0mb1E, amisto0x07

Advantech/Broadwin HMI/SCADA WebAccess 6.x.x/7.x.x universal network RPC exploit that creates an executable file and launches the process on the affected system. webaccess.universal.exploit.rar@z%uxp!@#uzstxy! is the password for the archive.

tags | exploit
SHA-256 | 30250336db22255112ee2602bb7c0251730d7ecc01eae9a4930d37a1e06e24be
WeBaCoo (Web Backdoor Cookie) 0.2.2
Posted Feb 2, 2012
Authored by Anestis Bechtsoudis | Site github.com

WeBaCoo (Web Backdoor Cookie) is a web backdoor script-kit, aiming to provide a stealth terminal-like connection over HTTP between client and web server. It is a post exploitation tool capable to maintain access to a compromised web server. WeBaCoo was designed to operate under the radar of modern up-to-dated AV, NIDS, IPS, Network Firewalls and Application Firewalls, proving a stealth mechanism to execute system commands to the compromised server. The obfuscated communication is accomplished using HTTP header's Cookie fields under valid client HTTP requests and relative web server's responses.

Changes: Support for extension modules, MySQL CLI extension module, Upload extension module, various other additions.
tags | tool, web, rootkit
systems | unix
SHA-256 | 586fbad973ea45413a2213504358a5aee068c791511b7cdb2756e9cc84cdcf2c
WeBaCoo (Web Backdoor Cookie) 0.2
Posted Dec 19, 2011
Authored by Anestis Bechtsoudis | Site github.com

WeBaCoo (Web Backdoor Cookie) is a web backdoor script-kit, aiming to provide a stealth terminal-like connection over HTTP between client and web server. It is a post exploitation tool capable to maintain access to a compromised web server. WeBaCoo was designed to operate under the radar of modern up-to-dated AV, NIDS, IPS, Network Firewalls and Application Firewalls, proving a stealth mechanism to execute system commands to the compromised server. The obfuscated communication is accomplished using HTTP header's Cookie fields under valid client HTTP requests and relative web server's responses.

Changes: Built in Tor proxy support. New random delimiter string for each request. Various other updates.
tags | tool, web, rootkit
systems | unix
SHA-256 | 8e6fe6a513916c776350b0cbff29427e8719a4d3095dfe4fdd3b4ad34e3bde2e
WeBaCoo (Web Backdoor Cookie) 0.1.2
Posted Dec 9, 2011
Authored by Anestis Bechtsoudis | Site github.com

WeBaCoo (Web Backdoor Cookie) is a web backdoor script-kit, aiming to provide a stealth terminal-like connection over HTTP between client and web server. It is a post exploitation tool capable to maintain access to a compromised web server. WeBaCoo was designed to operate under the radar of modern up-to-dated AV, NIDS, IPS, Network Firewalls and Application Firewalls, proving a stealth mechanism to execute system commands to the compromised server. The obfuscated communication is accomplished using HTTP header's Cookie fields under valid client HTTP requests and relative web server's responses.

tags | tool, web, rootkit
systems | unix
SHA-256 | 6e46638034d12ee47a4a4955583b5065ffc4d0142d553c15fc90abbf42ca5b89
Web Backdoors - Attack, Evasion And Detection
Posted Dec 6, 2011
Authored by FB1H2S

Whitepaper called Web Backdoors - Attack, Evasion and Detection. This paper provides insight on common web back doors and how simple manipulations could make them undetectable by AV and other security suits. It explains a few techniques that could be used to render undetectable and unnoticed backdoors inside web applications.

tags | paper, web
SHA-256 | b1a5cd53ac0ba93fa6ae8a95e647a33652ee817065946819d8fc813efa6fdce6
Web Art Studio SQL Injection
Posted Aug 26, 2011
Authored by Ehsan_Hp200

Web Art Studio suffers from a remote SQL injection vulnerability.

tags | exploit, remote, web, sql injection
SHA-256 | b66f635a49212df0ef903de41ccd4401035d83617be6c59c772e786ada092800
Page 1 of 4
Back1234Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close