Exploit script for CVE-2021-33564 (Argument Injection in Dragonfly Ruby Gem).
python3 poc.py -u https://<target_url>/system/refinery/images -r /etc/passwd
python3 poc.py -u https://<target_url>/system/refinery/images -w public/test.txt -c test.txt -lu http://<local_url>
For more information, please visit the blog.
A script based on sqlmap that uses sql injection vulnerabilities to traverse the existence o
Binary check tool to identify command injection and format string vulnerabilities in blackbox binaries. Using xrefs to commonly injected and format string'd files, it will scan binaries faster than Firmware Slap.
Sqli-Scanner is a python3 script written to scan websites for SQL injection vulnerabilities Features 1 Scan one website 2 Scan multiple websites Insta
logmap - Log4j2 jndi injection fuzz tool Used for fuzzing to test whether there are log4j2 jndi injection vulnerabilities in header/body/path Use http
Blind SQL Injection I wrote this script to solve PortSwigger Web Security Academy's particular Blind SQL injection with conditional responses lab. Bec
CVE-2021-26084 Description POC of CVE-2021-26084, which is Atlassian Confluence Server OGNL(Object-Graph Navigation Language) Pre-Auth RCE Injection V
The base is a DynamicContainer to autoconfigure services using the decorators @services for regular services and @command_handler for using command pattern.
This is an injection tool that can inject any xposed modules apk into the debug android app, the native code in the xposed module can also be injected.
CVE-2022-23046 PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL s
MongoDB-Injection Cheesy Multi-threaded script for NoSQL Injection This challeng
honeybee-ies Honeybee extension for export a HBJSON file to IES-VE GEM file format Installation pip install honeybee-ies QuickStart import pathlib fro
TSAR Source code for NAACL 2022 paper: A Two-Stream AMR-enhanced Model for Document-level Event Argument Extraction. ?? Introduction We focus on extra
sqlmap sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of
HatVenom HatSploit native powerful payload generation and shellcode injection tool that provides support for common platforms and architectures. Featu
CVE-2021-22911 Pre-Auth Blind NoSQL Injection leading to Remote Code Execution in Rocket Chat 3.12.1 The getPasswordPolicy method is vulnerable to NoS
CVE-2021-26084 - Confluence Pre-Auth RCE OGNL injection Usage usage: cve-2021-26084_confluence_rce.py [-h] --url URL [--cmd CMD] [--shell] CVE-2021-2
WebScan is a web vulnerability Scanning tool, which scans sites for SQL injection and XSS vulnerabilities Which is a great tool for web pentesters. Coded in python3, CLI. WebScan is capable of scanning and detecting sql injection vulnerabilities across HTTP and HTTP sites.
Vacuna Inject everything! Vacuna is a little library to provide dependency management for your python code. Install pip install vacuna Usage import va
CVE-2021-26084 Confluence OGNL injection CVE-2021-26084 is an Object-Graph Navigation Language (OGNL) injection vulnerability in the Atlassian Conflue
2 Nov 9, 2022
3 Nov 16, 2021
9 Dec 30, 2022
67 Oct 25, 2022
2 Oct 29, 2022
9 Aug 31, 2022
2 Jan 17, 2022
32 Nov 5, 2022
2 Feb 15, 2022
2 Jun 6, 2022
4 Jul 12, 2022
21 Sep 24, 2022
25.7k Jan 8, 2023
100 Dec 23, 2022
47 Nov 9, 2022
92 Jul 20, 2022
12 Dec 2, 2022
16 Sep 15, 2021
15 Sep 23, 2022