HoLyVieR / prototype-pollution-nsec18View external linksLinks
Content released at NorthSec 2018 for my talk on prototype pollution
☆532May 25, 2024Updated last year
Alternatives and similar repositories for prototype-pollution-nsec18
Users that are interested in prototype-pollution-nsec18 are comparing it to the libraries listed below
Sorting:
- Prototype Pollution and useful Script Gadgets☆1,581Jan 27, 2024Updated 2 years ago
- Client Side Prototype Pollution Scanner☆524Sep 17, 2022Updated 3 years ago
- Burp extension to detect alias traversal via NGINX misconfiguration at scale.☆265Nov 18, 2021Updated 4 years ago
- Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.☆613Mar 4, 2021Updated 4 years ago
- ☆709Nov 27, 2024Updated last year
- PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.☆3,729Sep 29, 2025Updated 4 months ago
- SSRF (Server Side Request Forgery) testing resources☆2,484Oct 12, 2024Updated last year
- Use HTTP Smuggling Lab to learn HTTP Smuggling.☆345Nov 20, 2022Updated 3 years ago
- Bypassing disabled exec functions in PHP (c) CRLF☆406Oct 2, 2020Updated 5 years ago
- A collection of browser-based side channel attack vectors.☆759Mar 19, 2024Updated last year
- research☆152Mar 21, 2024Updated last year
- The cheat sheet about Java Deserialization vulnerabilities☆3,167May 26, 2023Updated 2 years ago
- Multi-language web CGI interfaces exploits.☆399Aug 22, 2022Updated 3 years ago
- Browser's XSS Filter Bypass Cheat Sheet☆1,151May 6, 2017Updated 8 years ago
- ☆1,201Sep 2, 2022Updated 3 years ago
- Apache Solr Injection Research☆579Jan 28, 2020Updated 6 years ago
- ☆695Jul 4, 2022Updated 3 years ago
- Collection of CTF Web challenges I made☆2,821Aug 31, 2025Updated 5 months ago
- CVE-2017-9506 - SSRF☆190Feb 14, 2022Updated 3 years ago
- A byte code analyzer for finding deserialization gadget chains in Java applications☆1,080Jun 15, 2021Updated 4 years ago
- 🔪Browser logic vulnerabilities☆697Jan 23, 2021Updated 5 years ago
- Collections of Orange Tsai's public presentation slides.☆754Jan 1, 2025Updated last year
- Probe a rendering engine for vulnerabilities and other features☆367Oct 13, 2021Updated 4 years ago
- Server-Side Template Injection and Code Injection Detection and Exploitation Tool☆4,117Apr 21, 2024Updated last year
- ☆284Nov 12, 2021Updated 4 years ago
- exploit for ImageMagick's uninitialized memory disclosure in gif coder☆285Jul 22, 2017Updated 8 years ago
- A DNS rebinding attack framework.☆1,258Dec 4, 2025Updated 2 months ago
- Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the ac…☆1,771Apr 26, 2024Updated last year
- Issues with WebSocket reverse proxying allowing to smuggle HTTP requests☆390Aug 15, 2024Updated last year
- ☆3,659Jan 9, 2025Updated last year
- This tool generates gopher link for exploiting SSRF and gaining RCE in various servers☆3,296Apr 18, 2023Updated 2 years ago
- A tiny and cute URL fuzzer☆402Nov 10, 2022Updated 3 years ago
- Deserialization payload generator for a variety of .NET formatters☆3,669Dec 23, 2024Updated last year
- ☆72Nov 20, 2017Updated 8 years ago
- Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3☆2,059Jan 2, 2024Updated 2 years ago
- Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.☆1,704Dec 1, 2024Updated last year
- ☆1,182Jan 21, 2026Updated 3 weeks ago
- ☆53Dec 3, 2025Updated 2 months ago
- Java RMI enumeration and attack tool.☆745Sep 28, 2017Updated 8 years ago