@kobi_hk Released UploadForge — an open-source file upload vulnerability scanner
with CLI + GUI and real-world bypass techniques.
Would love feedback from the infosec community 👇
https://t.co/18qPfr8FHK
#infosec#bugbounty#opensource
@_aircorridor@three_cube Released UploadForge — an open-source file upload vulnerability scanner
with CLI + GUI and real-world bypass techniques.
Would love feedback from the infosec community 👇
https://t.co/18qPfr8FHK
#infosec#bugbounty#opensource
Built for penetration testers and security researchers, it automates the process of testing file upload forms against a wide variety of bypass techniques.
https://t.co/18qPfr8FHK
#bugbounty#infosec#hacking#OpenSource
I released UploadForge V1.0.0‼️
upload forge is a powerful, production-grade security tool designed to detect and exploit file upload vulnerabilities in web applications.
https://t.co/18qPfr8FHK
#bugbounty#infosec#Hacking#OpenSource#CyberSecurity
IDOR-Forge V2.0 Released!
IDOR-Forge v2.0 represents a paradigm shift in automated vulnerability assessment for Insecure Direct Object References (IDOR), transitioning from rudimentary parameter fuzzing to a robust, context-aware scanning paradigm...
LDAP Filters Allow Complex Wildcard Attacks‼️
The * wildcard in LDAP can match any value, but few know that nested filters can be abused:
(&(objectClass=*)(|(uid=admin*)(cn=*)))
Attackers can chain multiple conditions to extract data even when some filters are blocked.
@40sp3l root cause bro
in the code, the X-Request-ID header value is taken directly from the HTTP request and passed to subprocess.check_output() with shell=True without any sanitization or validation, which could allow the attacker to execute system commands on it.
@Rajat_sharma111 IDOR-Forge focuses on systematically changing identifiers and, therefore, usually manipulates API, URL, JSON parameters to access vulnerabilities, while Autorize focuses on access control validation.
and let me also say that IDOR-Forge usually focuses on classic IDOR.
IDOR-Forge V1.5.2 is released!
IDOR Forge is a powerful and versatile tool designed to detect Insecure Direct Object Reference (IDOR) vulnerabilities in web applications.
https://t.co/wBlPQU5AxJ
#CyberSec#IDOR#BugBounty#tool
IDOR Forge is an advanced and versatile tool designed to detect Insecure Direct Object Reference (IDOR) vulnerabilities in web applications.
https://t.co/wBlPQU68nh
SeaShell
SeaShell Framework is an iOS post-exploitation framework that enables you to access the device remotely, control it and extract sensitive information.
https://t.co/PzazqR0c0p
#cybersecurity#infosec#pentesting