Content released at NorthSec 2018 for my talk on prototype pollution
☆535May 25, 2024Updated last year
Alternatives and similar repositories for prototype-pollution-nsec18
Users that are interested in prototype-pollution-nsec18 are comparing it to the libraries listed below
Sorting:
- Prototype Pollution and useful Script Gadgets☆1,601Jan 27, 2024Updated 2 years ago
- Client Side Prototype Pollution Scanner☆523Sep 17, 2022Updated 3 years ago
- Burp extension to detect alias traversal via NGINX misconfiguration at scale.☆265Nov 18, 2021Updated 4 years ago
- PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.☆3,768Sep 29, 2025Updated 5 months ago
- SSRF (Server Side Request Forgery) testing resources☆2,483Oct 12, 2024Updated last year
- Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.☆612Mar 4, 2021Updated 5 years ago
- A collection of browser-based side channel attack vectors.☆760Mar 19, 2024Updated 2 years ago
- ☆705Nov 27, 2024Updated last year
- Use HTTP Smuggling Lab to learn HTTP Smuggling.☆346Nov 20, 2022Updated 3 years ago
- research☆152Mar 21, 2024Updated 2 years ago
- The cheat sheet about Java Deserialization vulnerabilities☆3,172May 26, 2023Updated 2 years ago
- Bypassing disabled exec functions in PHP (c) CRLF☆405Oct 2, 2020Updated 5 years ago
- CVE-2017-9506 - SSRF☆190Feb 14, 2022Updated 4 years ago
- Browser's XSS Filter Bypass Cheat Sheet☆1,152May 6, 2017Updated 8 years ago
- ☆16Oct 3, 2018Updated 7 years ago
- A byte code analyzer for finding deserialization gadget chains in Java applications☆1,080Jun 15, 2021Updated 4 years ago
- Apache Solr Injection Research☆580Jan 28, 2020Updated 6 years ago
- Multi-language web CGI interfaces exploits.☆399Aug 22, 2022Updated 3 years ago
- Collection of CTF Web challenges I made☆2,822Aug 31, 2025Updated 6 months ago
- ☆695Jul 4, 2022Updated 3 years ago
- Issues with WebSocket reverse proxying allowing to smuggle HTTP requests☆392Aug 15, 2024Updated last year
- 🔪Browser logic vulnerabilities☆696Jan 23, 2021Updated 5 years ago
- ☆1,202Sep 2, 2022Updated 3 years ago
- Server-Side Template Injection and Code Injection Detection and Exploitation Tool☆4,125Apr 21, 2024Updated last year
- Viewgen is a ViewState tool capable of generating both signed and encrypted payloads with leaked validation keys☆659Feb 1, 2025Updated last year
- Deserialization payload generator for a variety of .NET formatters☆3,689Dec 23, 2024Updated last year
- ☆72Nov 20, 2017Updated 8 years ago
- A DNS rebinding attack framework.☆1,270Dec 4, 2025Updated 3 months ago
- Collections of Orange Tsai's public presentation slides.☆751Jan 1, 2025Updated last year
- ☆3,661Jan 9, 2025Updated last year
- exploit for ImageMagick's uninitialized memory disclosure in gif coder☆284Jul 22, 2017Updated 8 years ago
- Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.☆1,721Dec 1, 2024Updated last year
- My CTF Challenges☆216Jan 4, 2026Updated 2 months ago
- Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the ac…☆1,787Apr 26, 2024Updated last year
- Collection of exploits/POC for PrestaShop cookie vulnerabilities (CVE-2018-13784)☆48Jul 17, 2018Updated 7 years ago
- ☆53Dec 3, 2025Updated 3 months ago
- This tool generates gopher link for exploiting SSRF and gaining RCE in various servers☆3,324Apr 18, 2023Updated 2 years ago
- A tiny and cute URL fuzzer☆402Nov 10, 2022Updated 3 years ago
- A Node.js vulnerability finding tool.☆96Aug 7, 2025Updated 7 months ago