cnotin / RazorVulnerableAppLinks
DO NOT USE: this is a vulnerable ASP.NET web app using Razor templating engine. The vulnerability is a Server-Side Template Injection (SSTI). For training and testing purposes.
☆28Updated 5 years ago
Alternatives and similar repositories for RazorVulnerableApp
Users that are interested in RazorVulnerableApp are comparing it to the libraries listed below
Sorting:
- Practice hacking JWT tokens☆116Updated 3 years ago
- Gopher Tomcat Deployer☆48Updated 6 years ago
- #BugBounty #BugBounty Tools #WebDeveloper Tool☆38Updated 4 months ago
- ☆60Updated 6 years ago
- ☆56Updated 4 years ago
- Burp extension to filter JSON on the fly with JQ queries in the HTTP message viewer.☆48Updated 4 years ago
- tetctf2020_amf_writeups☆23Updated 4 years ago
- Burp extension to detect alias traversal via NGINX misconfiguration at scale.☆54Updated 3 years ago
- RCE on Kibana versions before 5.6.15 and 6.6.0 in the Timelion visualizer☆56Updated 5 years ago
- Compiled dataset of Java deserialization CVEs☆60Updated 5 years ago
- Authenticated SSRF in Grafana☆82Updated last year
- Burp Bounty profiles☆83Updated 3 years ago
- Spring Boot Actuator (jolokia) XXE/RCE☆23Updated 6 years ago
- A Web-UI for subdomain enumeration (subfinder)☆55Updated 5 years ago
- Same Origin XSS challenge☆64Updated 3 years ago
- In this repository I'll host my research and methodologies for auditing vulnerabilities☆29Updated 5 years ago
- This Burp Suite extension allows you to customize header with put a new header into HTTP REQUEST BurpSuite (Scanner, Intruder, Repeater, …☆53Updated 2 years ago
- CSS injection vulnerability in Swagger UI☆34Updated 5 years ago
- Sample Spring Boot App Demonstrating RCE via Exposed env Actuator and H2 Database☆106Updated 5 years ago
- Public Disclosures☆91Updated 3 years ago
- A Burp extension to show the Collaborator client in a tab☆24Updated 2 years ago
- Pass list of urls with FUZZ in and it will check if it has found a potential SSRF.☆110Updated 3 years ago
- Generating payloads to reverse shell in different contexts of java.☆49Updated 3 years ago
- A burp-suite plugin that extract all parameter names from in-scope requests☆29Updated 3 years ago
- Wordlist to get files/ folders listed by the app that may expose passwords, sensitive file or folders☆22Updated 5 years ago
- Workshop on Template Injection (6 exercises) covering Twig, Jinja2, Tornado, Velocity and Freemaker engines.☆128Updated 2 years ago
- ☆50Updated 5 years ago
- Exploits developed by Mikael Kall☆47Updated 2 years ago
- CVE-2021-40346 PoC (HAProxy HTTP Smuggling)☆41Updated 4 years ago
- Tool is to check for Cache Deception Attack Both For Authenticated and UnAuthenticated Pages☆44Updated 3 years ago