A brief write up discussing disclosure of internal IPs and hostnames from Apple bots leveraging Via and X-Forwarded-For headers.
55aef9cbf06435171aad139605e96ea9
This is a brief write up noting javascript backdoors left in common PHP shells.
465a8584e9016e457c0c418a061e0cce
This is a brief write up that discusses NULL page mitigations on Windows 8 and includes a piece of proof of concept code.
73e524a4ddc4355c68f3fdb4ff3a21ef
This is a brief write up discussing exploitation of the cross site request forgery vulnerability discovered in the Cisco EPC3925 router.
6c2e7a9baecf07b4701344e74d2cdf35
This is a brief write up discussing a root cause analysis of why spawning calc.exe triggered a stack overflow.
6cf6663c4ae9aadd82ad553d36e41a07
This is a brief write up that provides a shell script for passwording a shell bound with netcat.
51e9b10d4fe378456c10d15d7eae41e1
McAfee Web Gateway and Squid Proxy version 3.1.19 suffers from a bypass vulnerability due to putting trust in Host headers. Proof of concept tool included. Squid is only vulnerable to the attacks if the filtered site is using SSL.
2a72aa39ac2270394d6cad78bd6d074a
Proxy Check is a tool that includes a website to automate testing for web proxy content filtering. It has a battery of tests that includes looking for typically malicious URLs, several PDF exploits, and more.
262f80ad85d00dbf3981777636d6d463
This is a brief write up discussing Google V8 server-side javascript (SSJS) injection.
527af13953c1ae84cb4320287a31dcd6
This is a brief write up discussing time-based NoSQL injection attacks using javascript.
91d28ae50067e7a25392529916fe2966
This is a brief write up discussing how to leverage cross site scripting and shell upload vulnerabilities in eyeOS versions prior to 1.9.0.3.
a7dfc57edaa98567723a299e7e28878f
This is a brief write up with examples on how to perform DNS spoofing using Scapy. Written in Indonesian.
e982013f0c40b4c923c48be85dec0b98
Proxyroll.com Clone PHP Script suffers from an insecure cookie handling vulnerability that allows for price manipulation.
571ded1de6ea27947ec0113d18b516cc
This Metasploit module exploits a stack overflow in Proxy-Pro Professional GateKeeper 4.7. By sending a long HTTP GET to the default port of 3128, a remote attacker could overflow a buffer and execute arbitrary code.
236e4cbd21b904c274d433570efd4292
This is a brief write up discussing blind SQL injection attacks. Written in French.
aafae831b86f6848c01eef65c9a18f3e
Proxy List Script suffers from a cross site scripting vulnerability.
656f6399433d5be010185acae3e5302b
Proxy Harvesting tool that uses google and evaluates the sites.
41ea51a7d61f68c5ff44eaaa07ff9887
proxyScan.pl is a security penetration testing tool to scan for hosts and ports through a Web proxy server. Features include various HTTP methods such as GET, CONNECT, HEAD as well as host and port ranges.
d188669d4f40454a187abe673f3e9b86
ProxyStrike is an active Web Application Proxy and is a tool designed to find vulnerabilities while browsing an application. It current has SQL injection and cross site scripting modules. This is the Windows version. Written in Python.
bd80bf552c714af9a119ea7644e9f236
ProxyStrike is an active Web Application Proxy and is a tool designed to find vulnerabilities while browsing an application. It current has SQL injection and cross site scripting modules. This is the Linux / Mac OSX version. Written in Python.
c21708cc21671b83f1bd286f0407e4bb
This is a simple proxy tool that checks for the HTTP CONNECT method and grabs verbose output from a webserver. It is primarily useful when verifying false positives from automated vulnerability assessment tools.
fb11bbbc4ef1b48fa160f60a2e846ef9
Proxy Anket version 3.0.1 suffers from a SQL injection vulnerability.
43e7d044756aa211fec8f5615c1443c3
proxyScan.pl is a security penetration testing tool to scan for hosts and ports through a Web proxy server. Features include various HTTP methods such as GET, CONNECT, HEAD as well as host and port ranges.
8bfa5e39fa502b98dde95206b5b9bfc8
proxyScan.pl is a security penetration testing tool to scan for hosts and ports through a Web proxy server. Features include various HTTP methods such as GET, CONNECT, HEAD as well as host and port ranges.
db9451d3fae8cc6c831acdaba82e22d5
ProxyFuzz is a man-in-the-middle non-deterministic network fuzzer written in Python. ProxyFuzz randomly changes (fuzzes) contents on the network traffic. It supports TCP and UDP protocols and can also be configured to fuzz only one side of the communication. ProxyFuzz is protocol agnostic so it can randomly fuzz any network communication.
16335167eec8447d244ca48ab1ae1b2a
HTTP proxy checking utility.
bb262c9d1c79b5fdca42a57931d7f5b8