Multiple new CVEs discovered and disclosed! XSS, DoS and a weak password policy!
Category: Web Application Pen Testing
CVE-2022-34613, CVE-2022-34618, CVE-2022-34619 – Multiple XSS (And more) in Mealie
Multiple new CVEs discovered and disclosed! XSS, file uploads and more!
CVE-2022-34625 – Server-Side Template Injection (SSTI) to Remote Code Execution (RCE) in Mealie – A lesson in patience
A detailed walkthrough of CVE-2022-34625, a Server-Side Template Injection (SSTI) to Remote Code Execution (RCE).
CVE-2022-34009
Denial of Service discovered against Fossil SCM when running on Windows boxes.
CLI Web Discovery Alternative to Dirb, Dirsearch, Etc
A great alternative to have for web discovery during web app pen tests or bug bounties.
Using the Wayback Machine to create parameter wordlists
A tool to create parameter wordlists for any domains (and subdomains) via the Internet Archive (Wayback Machine)!
Insanely powerful wordlist generator – MUST HAVE for Web App Pen Tests and Bug Bounties
Extremely useful and impressive wordlist generator and much more; cook.
WAF Payload Generator for Web App Pen Tests + Bug Bounty
Tool for bypassing WAFs using permutations and combinations of the payloads you already have.
Holy Smokes Batman! Another big repo of Bug Bounty Reports, Cheat sheets, Checklists and more!
Another repo of web application and API bug bounty, penetration test and security assessment documents, reports and more!
Custom Formula CSV XLS XLSX Injection Wordlist
Created my own Formula/CSV/XLS/XLSX formula injection wordlist and added it to TreeHouse wordlists!