lcatro / cross_domain_postmessage_vuln_digView external linksLinks
WEB 跨域postMessage() 漏洞挖掘工具,基本原理:使用AJAX 获取页面代码,结合iframe 和data 协议构造测试环境,然后在iframe 下的window.onmessage 中插入hook 监控onmessage 的参数,最后通过能否被原来的onmessage 逻辑引用参数中的data 属性来判断是否�可以跨域传递数据..
☆11Sep 13, 2016Updated 9 years ago
Alternatives and similar repositories for cross_domain_postmessage_vuln_dig
Users that are interested in cross_domain_postmessage_vuln_dig are comparing it to the libraries listed below
Sorting:
- whatweb的插件☆15Aug 15, 2014Updated 11 years ago
- Web在线菜刀☆19Oct 18, 2017Updated 8 years ago
- 通过调用zoomeye来获取安装JBoss机器的地址,然后通过HEAD请求植入webshell。 wxPython写了一个界面的控制程序。☆12Mar 28, 2018Updated 7 years ago
- 漏洞复现记录☆11Jun 18, 2019Updated 6 years ago
- ☆15Aug 12, 2009Updated 16 years ago
- 用于快速探测未授权MongoDB数据库结构,取第一条内容,并统计数据数量。A tool for unauthorized MongoDB database , take the first content, and the number of statistical da…☆26Dec 5, 2016Updated 9 years ago
- XSS hunter 收集Webview 页面上存在的反射,储存型XSS ,方便应急APP 和前端页面在发布时遇到XSS 安全问题..☆42Oct 9, 2016Updated 9 years ago
- 修改htcap的数据库为mysql☆24Jul 9, 2017Updated 8 years ago
- ZZCMS v8.2-重装GETSHELL工具☆11May 8, 2018Updated 7 years ago
- 针对PHP网马的正则查杀☆13Jan 10, 2018Updated 8 years ago
- Ssdt Hook Detection tool☆13Nov 11, 2016Updated 9 years ago
- nmap模块扫描端口服务后,调用对应的exp检测☆12Jun 9, 2018Updated 7 years ago
- ☆16Aug 31, 2018Updated 7 years ago
- 常用系统服务默认端口列表☆13Apr 25, 2017Updated 8 years ago
- ☆17Aug 9, 2017Updated 8 years ago
- Django+NodeJS+Redis实现实时消息推送☆27Sep 1, 2014Updated 11 years ago
- DumpDB Dump database from mysql, mysql脱裤脚本☆19Jun 3, 2016Updated 9 years ago
- 一个Fuzzing服务器端模板注入漏洞的半自动化工具☆15Aug 4, 2016Updated 9 years ago
- 《横向移动攻击与检测技术》专栏文章☆17Sep 5, 2019Updated 6 years ago
- Spring messaging STOMP protocol RCE☆113Apr 12, 2018Updated 7 years ago
- ☆20May 12, 2016Updated 9 years ago
- 一款开源指纹识别工具。☆15May 19, 2017Updated 8 years ago
- ☆21Jan 31, 2018Updated 8 years ago
- 分布式互联网开放端口与协议扫描☆18Jul 20, 2016Updated 9 years ago
- Aurora Remote Administration Tool☆20Apr 16, 2018Updated 7 years ago
- CVE-2017-4878 Samples - http://blog.talosintelligence.com/2018/02/group-123-goes-wild.html☆18Feb 5, 2018Updated 8 years ago
- ☆16Jul 21, 2017Updated 8 years ago
- 2 web tasks from ZeroNights HackQuest 2016☆50Mar 24, 2017Updated 8 years ago
- 常用的一些Exploit,经常会更新,也欢迎各位提交新的exp给我。☆26Jul 27, 2018Updated 7 years ago
- CVE-2017-7269 回显PoC ,用于远程漏洞检测..☆89Oct 27, 2018Updated 7 years ago
- 总结一些渗透中值得关注的默认端口☆23May 19, 2016Updated 9 years ago
- Burpsuite HTTP 插件,主要用于内网测试,可定制Content-Type和Response Content☆24Jul 2, 2018Updated 7 years ago
- IDOR bypass fuzz 权限绕过burp 插件 fuzz (shiro 等)☆27Sep 1, 2021Updated 4 years ago
- cloudsafe 云安全扫描☆23Dec 30, 2013Updated 12 years ago
- Java通用漏洞修复安全组件☆60Jul 12, 2025Updated 7 months ago
- ☆106Feb 2, 2018Updated 8 years ago
- ☆23Jun 2, 2017Updated 8 years ago
- ModularAdmin V2 Preview☆11Dec 25, 2017Updated 8 years ago
- 一款存储HTTP请求入库的burpsuite插件☆29Apr 8, 2018Updated 7 years ago