A brief write up discussing disclosure of internal IPs and hostnames from Apple bots leveraging Via and X-Forwarded-For headers.
b673e03e8e1aa51151d99f5859b00763aeba232a9176600740c438ec5fb79defThis is a brief write up discussing insecure functions susceptible to classic buffer overflows.
6c56ef6f21fb5c517c4f05fbff6461b2f130d800355ad39593d8b2f06bee3943This is a brief write up noting javascript backdoors left in common PHP shells.
5cfb1217e9087a15de79d56e9f05827f2a275f0a080cf8427518a3cba732ef2fThis is a brief write up that discusses NULL page mitigations on Windows 8 and includes a piece of proof of concept code.
a7d45dd13990e785f7ee6bbec647ae6693fc0348799ef70a34911098b0fb2da6This is a brief write up discussing exploitation of the cross site request forgery vulnerability discovered in the Cisco EPC3925 router.
e0e9eb1360b28fa8b096368773821f3b01656d4faedb41fc2062ac1a7094eaffThis is a brief write up discussing a root cause analysis of why spawning calc.exe triggered a stack overflow.
df816f981278218c855742bbf91b22db7088072ca5aade2974f7d629781ce6e6This is a brief write up that provides a shell script for passwording a shell bound with netcat.
cfc1acda80ec146d9ab2c3f0450fde46f259d590816a5459a6af88bcf081612eMcAfee Web Gateway and Squid Proxy version 3.1.19 suffers from a bypass vulnerability due to putting trust in Host headers. Proof of concept tool included. Squid is only vulnerable to the attacks if the filtered site is using SSL.
fd5a23a84846044a1ea5a10e1231aba1d4783081f27119ecd5de07b7485b6ad5Proxy Check is a tool that includes a website to automate testing for web proxy content filtering. It has a battery of tests that includes looking for typically malicious URLs, several PDF exploits, and more.
ac9e7fea81ae9f981e0e3a0a3524dbb37d2aefac198ef4e781a1ffbf6cab1891This is a brief write up discussing Google V8 server-side javascript (SSJS) injection.
7652f540e79f74e1eff943b389b6f7f03423371c27f0d655323015f9f003002bThis is a brief write up discussing time-based NoSQL injection attacks using javascript.
38f29f6bb429406f5f75bcf44692f842d085e1f1bc2d98124da439be4d863cc3This is a brief write up discussing how to leverage cross site scripting and shell upload vulnerabilities in eyeOS versions prior to 1.9.0.3.
a85cc3f9867494f8f5494efd6b0a2014c6c25a8a712b1ca45e7374338ed1221bThis is a brief write up with examples on how to perform DNS spoofing using Scapy. Written in Indonesian.
fda8f6b2be4199e0eb722ba337268ab1fadf3a12c254a57601fb651642c27475Proxyroll.com Clone PHP Script suffers from an insecure cookie handling vulnerability that allows for price manipulation.
753cb612f700baa9a7d713c5b8ff9e1d55bcc89f7cdc147d545a2d6c8960eaf4This Metasploit module exploits a stack overflow in Proxy-Pro Professional GateKeeper 4.7. By sending a long HTTP GET to the default port of 3128, a remote attacker could overflow a buffer and execute arbitrary code.
f263e459a51ce3b19e265dbc0a01b7a3c3ab6600a69d08d3754887972c12e298This is a brief write up discussing blind SQL injection attacks. Written in French.
850e44ffacd06e23d7caec378232e76af6b7f4ef2eb9209c89c61b21dba24190Proxy List Script suffers from a cross site scripting vulnerability.
78c1633de2d11ecee72b11335cee10a951478454867363eebb7ba913fa8f825aProxy Harvesting tool that uses google and evaluates the sites.
517e1265f9e5f9aae9917f456036e6e736b6c8cd4018adce8f4760ccafdb26cfproxyScan.pl is a security penetration testing tool to scan for hosts and ports through a Web proxy server. Features include various HTTP methods such as GET, CONNECT, HEAD as well as host and port ranges.
6eced49949c30e88205a4cd63d797c5592dcfaa4de30d29dbe99df9e6b80fa9aProxyStrike is an active Web Application Proxy and is a tool designed to find vulnerabilities while browsing an application. It current has SQL injection and cross site scripting modules. This is the Windows version. Written in Python.
da770b4014ebd251157864ec374ad5b81d1ca7e37682b8813de1fb246c9ae242ProxyStrike is an active Web Application Proxy and is a tool designed to find vulnerabilities while browsing an application. It current has SQL injection and cross site scripting modules. This is the Linux / Mac OSX version. Written in Python.
6911c85050d2dd1521c1b8f2b5f0a8a6bbc3fe11c7e60d55551550068026cde6This is a simple proxy tool that checks for the HTTP CONNECT method and grabs verbose output from a webserver. It is primarily useful when verifying false positives from automated vulnerability assessment tools.
203ad5690055cb97040a956a45aea7128a31b0d77823f608d16c161a7e50eeccProxy Anket version 3.0.1 suffers from a SQL injection vulnerability.
9957895b7afb2c01268af97b5c9c0a9bc02e84621a5e8f6aa1af238f62527eceproxyScan.pl is a security penetration testing tool to scan for hosts and ports through a Web proxy server. Features include various HTTP methods such as GET, CONNECT, HEAD as well as host and port ranges.
225317c491c73020a70f12fc88eb850b91684e2c7440b063846fe4562d4fab69proxyScan.pl is a security penetration testing tool to scan for hosts and ports through a Web proxy server. Features include various HTTP methods such as GET, CONNECT, HEAD as well as host and port ranges.
1c2fa744beb99f46844eb518721c9c32d048bf7b15541d6acbef6457faedf066ProxyFuzz is a man-in-the-middle non-deterministic network fuzzer written in Python. ProxyFuzz randomly changes (fuzzes) contents on the network traffic. It supports TCP and UDP protocols and can also be configured to fuzz only one side of the communication. ProxyFuzz is protocol agnostic so it can randomly fuzz any network communication.
83cb422e91d20d05afbe49119a394fe82ea883046f73d3a4484f08440e667307
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed